Vulnerabilities (CVE)

Vendor filter

Microsoft Subscribe

Product filter

Exchange Server Subscribe

Filter

120 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1084 1 Microsoft 9 Exchange Server, Lync, Lync Basic and 6 more 2019-07-22 4.0
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display...
CVE-2019-1137 1 Microsoft 1 Exchange Server 2019-07-19 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
CVE-2019-1136 1 Microsoft 1 Exchange Server 2019-07-19 5.1
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
CVE-2016-0032 1 Microsoft 1 Exchange Server 2019-06-01 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2016-0031 1 Microsoft 1 Exchange Server 2019-06-01 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different...
CVE-2016-0030 1 Microsoft 1 Exchange Server 2019-06-01 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange...
CVE-2016-0029 1 Microsoft 1 Exchange Server 2019-06-01 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different...
CVE-2013-5072 1 Microsoft 1 Exchange Server 2019-06-01 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."
CVE-2012-4791 1 Microsoft 1 Exchange Server 2019-06-01 3.5
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
CVE-2010-3937 1 Microsoft 1 Exchange Server 2019-06-01 4.0
Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
CVE-2008-2248 1 Microsoft 3 Outlook Web Access, Exchange Server, Exchange Srv 2019-06-01 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
CVE-2005-0563 1 Microsoft 1 Exchange Server 2019-06-01 4.3
Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL...
CVE-2005-0044 1 Microsoft 7 Windows 98, Windows 2003 Server, Windows 98se and 4 more 2019-04-30 7.5
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input...
CVE-2004-0574 1 Microsoft 4 Windows Nt, Exchange Server, Windows 2003 Server and 1 more 2019-04-30 10.0
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns,...
CVE-2002-0055 1 Microsoft 3 Windows Xp, Exchange Server, Windows 2000 2019-04-30 5.0
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
CVE-2002-0054 1 Microsoft 2 Exchange Server, Windows 2000 2019-04-30 7.5
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command...
CVE-2019-0817 1 Microsoft 1 Exchange Server 2019-04-11 5.8
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.
CVE-2019-0858 1 Microsoft 1 Exchange Server 2019-04-11 4.3
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.
CVE-2017-8537 1 Microsoft 9 Windows Defender, Forefront Security, Malware Protection Engine and 6 more 2019-03-19 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511,...
CVE-2017-8536 1 Microsoft 9 Windows Defender, Forefront Security, Malware Protection Engine and 6 more 2019-03-19 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511,...