Sharepoint Server Security Vulnerabilities and Issues — Sharepoint Server CVE List

Lucene search

MicrosoftSharepoint Server

112 matches found

CVE•added 2020/03/12 4:15 p.m.•409 views

CVE-2020-0894

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.

5.4CVSS5.1AI score0.00898EPSS

CVE•added 2022/06/15 10:15 p.m.•200 views

CVE-2022-30172

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6AI score0.04622EPSS

CVE•added 2023/01/10 10:15 p.m.•189 views

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability

5.3CVSS6.4AI score0.0263EPSS

CVE•added 2018/08/15 5:29 p.m.•176 views

CVE-2018-8378

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microso...

5.5CVSS4.9AI score0.23003EPSS

CVE•added 2018/09/13 12:29 a.m.•175 views

CVE-2018-8426

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.

5.4CVSS5.5AI score0.00257EPSS

CVE•added 2020/04/15 3:15 p.m.•166 views

CVE-2020-0927

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2021/03/11 4:15 p.m.•151 views

CVE-2021-24104

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS4.9AI score0.00618EPSS

CVE•added 2021/07/14 6:15 p.m.•136 views

CVE-2021-34519

Microsoft SharePoint Server Information Disclosure Vulnerability

5.3CVSS5.2AI score0.01132EPSS

CVE•added 2013/09/11 2:3 p.m.•131 views

CVE-2013-0081

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

5CVSS6.4AI score0.60252EPSS

CVE•added 2020/06/09 8:15 p.m.•131 views

CVE-2020-1148

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1289.

5.4CVSS5.7AI score0.00605EPSS

CVE•added 2022/02/09 5:15 p.m.•130 views

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.0158EPSS

CVE•added 2013/03/13 12:55 a.m.•128 views

CVE-2013-0086

Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."

5CVSS6.1AI score0.24539EPSS

CVE•added 2021/01/12 8:15 p.m.•125 views

CVE-2021-1641

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS5.5AI score0.00978EPSS

CVE•added 2021/07/14 6:15 p.m.•125 views

CVE-2021-34517

Microsoft SharePoint Server Spoofing Vulnerability

5.3CVSS6.2AI score0.01211EPSS

CVE•added 2020/04/15 3:15 p.m.•122 views

CVE-2020-0973

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/08/17 7:15 p.m.•119 views

CVE-2020-1501

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.The attacke...

5.5CVSS6.2AI score0.01772EPSS

CVE•added 2020/04/15 3:15 p.m.•116 views

CVE-2020-0976

5.4CVSS5.3AI score0.00612EPSS

CVE•added 2020/05/21 11:15 p.m.•116 views

CVE-2020-1107

5.4CVSS5.4AI score0.00675EPSS

CVE•added 2020/04/15 3:15 p.m.•115 views

CVE-2020-0954

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/04/15 3:15 p.m.•114 views

CVE-2020-0930

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/07/14 11:15 p.m.•113 views

CVE-2020-1342

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.

5.5CVSS6AI score0.28299EPSS

CVE•added 2020/06/09 8:15 p.m.•110 views

CVE-2020-1177

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2020/08/17 7:15 p.m.•110 views

CVE-2020-1503

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...

5.5CVSS6.3AI score0.25763EPSS

CVE•added 2022/06/15 10:15 p.m.•109 views

CVE-2022-30171

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6.2AI score0.04622EPSS

CVE•added 2020/03/12 4:15 p.m.•107 views

CVE-2020-0795

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint R...

5.4CVSS5.3AI score0.00622EPSS

CVE•added 2020/04/15 3:15 p.m.•106 views

CVE-2020-0926

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/10/16 11:15 p.m.•106 views

CVE-2020-16941

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p><p>To take advan...

5.5CVSS5.1AI score0.00344EPSS

CVE•added 2019/08/14 9:15 p.m.•104 views

CVE-2019-1203

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS5.2AI score0.00529EPSS

CVE•added 2019/04/09 3:29 a.m.•103 views

CVE-2019-0778

5.4CVSS5.7AI score0.00579EPSS

CVE•added 2020/04/15 3:15 p.m.•103 views

CVE-2020-0923

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2022/11/09 10:15 p.m.•102 views

CVE-2022-41103

Microsoft Word Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00285EPSS

CVE•added 2020/08/17 7:15 p.m.•100 views

CVE-2020-1502

5.5CVSS6.3AI score0.22521EPSS

CVE•added 2020/05/21 11:15 p.m.•99 views

CVE-2020-1099

5.4CVSS5.1AI score0.01851EPSS

CVE•added 2020/07/14 11:15 p.m.•99 views

CVE-2020-1456

5.4CVSS5.1AI score0.00656EPSS

CVE•added 2020/08/17 7:15 p.m.•98 views

CVE-2020-1499

5.5CVSS6.2AI score0.01717EPSS

CVE•added 2020/08/17 7:15 p.m.•97 views

CVE-2020-1573

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.5CVSS6.1AI score0.01125EPSS

CVE•added 2019/04/09 9:29 p.m.•96 views

CVE-2019-0831

5.4CVSS5AI score0.00578EPSS

CVE•added 2021/01/12 8:15 p.m.•96 views

CVE-2021-1717

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS5.5AI score0.00978EPSS

CVE•added 2020/04/15 3:15 p.m.•95 views

CVE-2020-0978

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/06/09 8:15 p.m.•95 views

CVE-2020-1320

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2017/04/12 2:59 p.m.•94 views

CVE-2017-0195

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user ...

5.4CVSS5.2AI score0.01103EPSS

CVE•added 2019/11/12 7:15 p.m.•94 views

CVE-2019-1446

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5CVSS5.6AI score0.08477EPSS

CVE•added 2020/03/12 4:15 p.m.•94 views

CVE-2020-0893

5.4CVSS5.1AI score0.00898EPSS

CVE•added 2020/06/09 8:15 p.m.•94 views

CVE-2020-1297

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1445

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

5.5CVSS6.1AI score0.28299EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1450

5.4CVSS5.1AI score0.00656EPSS

CVE•added 2020/11/11 7:15 a.m.•94 views

CVE-2020-17060

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS6.7AI score0.00617EPSS

CVE•added 2020/08/17 7:15 p.m.•93 views

CVE-2020-1505

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an attacker would have...

5.5CVSS6.3AI score0.01174EPSS

CVE•added 2019/05/16 7:29 p.m.•92 views

CVE-2019-0949

5.7CVSS5.4AI score0.07161EPSS

CVE•added 2019/01/08 9:29 p.m.•91 views

CVE-2019-0558

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Micros...

5.4CVSS5.1AI score0.00485EPSS

Total number of security vulnerabilities112