Sharepoint Server
by Microsoft
CVEs (575)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1890 | 0.02 | — | 0.20 | Sep 15, 2011 | Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability." | |||
| CVE-2010-1264 | 0.02 | — | 0.24 | Jun 8, 2010 | Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service… | |||
| CVE-2010-1257 | 0.02 | — | 0.22 | Jun 8, 2010 | Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject… | |||
| CVE-2010-0264 | 0.02 | — | 0.21 | Mar 10, 2010 | Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry… | |||
| CVE-2010-0263 | 0.02 | — | 0.26 | Mar 10, 2010 | Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not… | |||
| CVE-2010-0262 | 0.02 | — | 0.21 | Mar 10, 2010 | Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel… | |||
| CVE-2010-0261 | 0.02 | — | 0.23 | Mar 10, 2010 | Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up… | |||
| CVE-2010-0260 | 0.02 | — | 0.23 | Mar 10, 2010 | Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in… | |||
| CVE-2009-0560 | 0.02 | — | 0.28 | Jun 10, 2009 | Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft… | |||
| CVE-2009-0559 | 0.02 | — | 0.29 | Jun 10, 2009 | Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." | |||
| CVE-2009-0558 | 0.02 | — | 0.31 | Jun 10, 2009 | Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption… | |||
| CVE-2009-0549 | 0.02 | — | 0.28 | Jun 10, 2009 | Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed… | |||
| CVE-2005-0049 | 0.02 | — | 0.20 | May 2, 2005 | Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. | |||
| CVE-2025-47163 | 0.01 | — | 0.12 | Jun 10, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-29793 | 0.01 | — | 0.16 | Apr 8, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2024-38024 | 0.01 | — | 0.51 | Jul 9, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2024-38023 | 0.01 | — | 0.53 | Jul 9, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2024-30044 | 0.01 | — | 0.84 | May 14, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2023-33160 | 0.01 | — | 0.05 | Jul 11, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2023-33157 | 0.01 | — | 0.44 | Jul 11, 2023 | Microsoft SharePoint Remote Code Execution Vulnerability |
- CVE-2011-1890Sep 15, 2011risk 0.02cvss —epss 0.20
Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
- CVE-2010-1264Jun 8, 2010risk 0.02cvss —epss 0.24
Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service…
- CVE-2010-1257Jun 8, 2010risk 0.02cvss —epss 0.22
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject…
- CVE-2010-0264Mar 10, 2010risk 0.02cvss —epss 0.21
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry…
- CVE-2010-0263Mar 10, 2010risk 0.02cvss —epss 0.26
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not…
- CVE-2010-0262Mar 10, 2010risk 0.02cvss —epss 0.21
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel…
- CVE-2010-0261Mar 10, 2010risk 0.02cvss —epss 0.23
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up…
- CVE-2010-0260Mar 10, 2010risk 0.02cvss —epss 0.23
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in…
- CVE-2009-0560Jun 10, 2009risk 0.02cvss —epss 0.28
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft…
- CVE-2009-0559Jun 10, 2009risk 0.02cvss —epss 0.29
Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
- CVE-2009-0558Jun 10, 2009risk 0.02cvss —epss 0.31
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption…
- CVE-2009-0549Jun 10, 2009risk 0.02cvss —epss 0.28
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed…
- CVE-2005-0049May 2, 2005risk 0.02cvss —epss 0.20
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
- CVE-2025-47163Jun 10, 2025risk 0.01cvss —epss 0.12
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-29793Apr 8, 2025risk 0.01cvss —epss 0.16
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2024-38024Jul 9, 2024risk 0.01cvss —epss 0.51
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38023Jul 9, 2024risk 0.01cvss —epss 0.53
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-30044May 14, 2024risk 0.01cvss —epss 0.84
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2023-33160Jul 11, 2023risk 0.01cvss —epss 0.05
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2023-33157Jul 11, 2023risk 0.01cvss —epss 0.44
Microsoft SharePoint Remote Code Execution Vulnerability
Page 13 of 29