Sharepoint Server Security Vulnerabilities and Issues — Sharepoint Server CVE List

Lucene search

MicrosoftSharepoint Server

28 matches found

CVE•added 2018/12/12 12:29 a.m.•482 views

CVE-2018-8628

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, ...

9.3CVSS6.1AI score0.35597EPSS

CVE•added 2018/04/12 1:29 a.m.•376 views

CVE-2018-1028

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

9.3CVSS8.3AI score0.29608EPSS

CVE•added 2018/08/15 5:29 p.m.•176 views

CVE-2018-8378

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microso...

5.5CVSS4.9AI score0.23003EPSS

CVE•added 2018/09/13 12:29 a.m.•175 views

CVE-2018-8426

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.

5.4CVSS5.5AI score0.00257EPSS

CVE•added 2018/01/10 1:29 a.m.•170 views

CVE-2018-0797

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".

9.3CVSS8.2AI score0.44732EPSS

CVE•added 2018/01/10 1:29 a.m.•109 views

CVE-2018-0792

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.

9.3CVSS8.8AI score0.60791EPSS

CVE•added 2018/01/10 1:29 a.m.•101 views

CVE-2018-0789

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790.

9CVSS8.5AI score0.14659EPSS

CVE•added 2018/07/11 12:29 a.m.•93 views

CVE-2018-8284

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microso...

9.3CVSS7.3AI score0.53408EPSS

CVE•added 2018/12/12 12:29 a.m.•85 views

CVE-2018-8627

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Micros...

5.5CVSS4.9AI score0.19881EPSS

CVE•added 2018/11/14 1:29 a.m.•83 views

CVE-2018-8539

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.

9.3CVSS7.9AI score0.16422EPSS

CVE•added 2018/12/12 12:29 a.m.•77 views

CVE-2018-8580

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microso...

4.3CVSS4AI score0.06494EPSS

CVE•added 2018/11/14 1:29 a.m.•76 views

CVE-2018-8568

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4CVSS6.3AI score0.00427EPSS

CVE•added 2018/05/09 7:29 p.m.•74 views

CVE-2018-8161

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from C...

9.3CVSS7.7AI score0.24873EPSS

CVE•added 2018/09/13 12:29 a.m.•74 views

CVE-2018-8431

5.4CVSS5.6AI score0.00427EPSS

CVE•added 2018/03/14 5:29 p.m.•72 views

CVE-2018-0919

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint...

4.3CVSS4.9AI score0.06725EPSS

CVE•added 2018/05/09 7:29 p.m.•71 views

CVE-2018-8160

An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.

6.5CVSS6.1AI score0.19761EPSS

CVE•added 2018/10/10 1:29 p.m.•70 views

CVE-2018-8504

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.

9.3CVSS8.8AI score0.17486EPSS

CVE•added 2018/11/14 1:29 a.m.•69 views

CVE-2018-8572

5.4CVSS6.3AI score0.00427EPSS

CVE•added 2018/03/14 5:29 p.m.•68 views

CVE-2018-0922

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013...

9.3CVSS7.8AI score0.19242EPSS

CVE•added 2018/12/12 12:29 a.m.•68 views

CVE-2018-8635

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, M...

8.8CVSS4.9AI score0.12974EPSS

CVE•added 2018/05/09 7:29 p.m.•66 views

CVE-2018-8168

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2018/06/14 12:29 p.m.•66 views

CVE-2018-8254

5.4CVSS5.5AI score0.00869EPSS

CVE•added 2018/05/09 7:29 p.m.•64 views

CVE-2018-8149

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2018/05/09 7:29 p.m.•64 views

CVE-2018-8156

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2018/06/14 12:29 p.m.•63 views

CVE-2018-8252

5.4CVSS5.5AI score0.00869EPSS

CVE•added 2018/04/12 1:29 a.m.•58 views

CVE-2018-1032

5.4CVSS5.5AI score0.00536EPSS

CVE•added 2018/05/09 7:29 p.m.•56 views

CVE-2018-8155

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2018/02/15 2:29 a.m.•55 views

CVE-2018-0864

SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".

5.4CVSS5.3AI score0.01094EPSS