Sharepoint Server
by Microsoft
CVEs (575)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-16979 | 0.01 | — | 0.03 | Nov 11, 2020 | Microsoft SharePoint Information Disclosure Vulnerability | |||
| CVE-2020-16929 | 0.01 | — | 0.03 | Oct 16, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | |||
| CVE-2020-1338 | 0.01 | — | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current… | |||
| CVE-2020-1335 | 0.01 | — | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | |||
| CVE-2020-1218 | 0.01 | — | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current… | |||
| CVE-2020-1495 | 0.01 | — | 0.04 | Aug 17, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | |||
| CVE-2020-1444 | 0.01 | — | 0.09 | Jul 14, 2020 | A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | |||
| CVE-2020-1025 | 0.01 | — | 0.06 | Jul 14, 2020 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit… | |||
| CVE-2020-1295 | 0.01 | — | 0.03 | Jun 9, 2020 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | |||
| CVE-2020-1178 | 0.01 | — | 0.03 | Jun 9, 2020 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'. | |||
| CVE-2020-1103 | 0.01 | — | 0.03 | May 21, 2020 | An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint… | |||
| CVE-2019-1446 | 0.01 | — | 0.08 | Nov 12, 2019 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||
| CVE-2019-1443 | 0.01 | — | 0.05 | Nov 12, 2019 | An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain… | |||
| CVE-2019-1442 | 0.01 | — | 0.02 | Nov 12, 2019 | A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||
| CVE-2019-1330 | 0.01 | — | 0.02 | Oct 10, 2019 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329. | |||
| CVE-2019-1260 | 0.01 | — | 0.02 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1201 | 0.01 | — | 0.05 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2019-1205 | 0.01 | — | 0.04 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2019-1034 | 0.01 | — | 0.05 | Jun 12, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2019-1035 | 0.01 | — | 0.07 | Jun 12, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… |
- CVE-2020-16979Nov 11, 2020risk 0.01cvss —epss 0.03
Microsoft SharePoint Information Disclosure Vulnerability
- CVE-2020-16929Oct 16, 2020risk 0.01cvss —epss 0.03
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- CVE-2020-1338Sep 11, 2020risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…
- CVE-2020-1335Sep 11, 2020risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- CVE-2020-1218Sep 11, 2020risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…
- CVE-2020-1495Aug 17, 2020risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- CVE-2020-1444Jul 14, 2020risk 0.01cvss —epss 0.09
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
- CVE-2020-1025Jul 14, 2020risk 0.01cvss —epss 0.06
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit…
- CVE-2020-1295Jun 9, 2020risk 0.01cvss —epss 0.03
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
- CVE-2020-1178Jun 9, 2020risk 0.01cvss —epss 0.03
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.
- CVE-2020-1103May 21, 2020risk 0.01cvss —epss 0.03
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint…
- CVE-2019-1446Nov 12, 2019risk 0.01cvss —epss 0.08
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
- CVE-2019-1443Nov 12, 2019risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain…
- CVE-2019-1442Nov 12, 2019risk 0.01cvss —epss 0.02
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
- CVE-2019-1330Oct 10, 2019risk 0.01cvss —epss 0.02
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
- CVE-2019-1260Sep 11, 2019risk 0.01cvss —epss 0.02
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
- CVE-2019-1201Aug 14, 2019risk 0.01cvss —epss 0.05
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2019-1205Aug 14, 2019risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2019-1034Jun 12, 2019risk 0.01cvss —epss 0.05
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2019-1035Jun 12, 2019risk 0.01cvss —epss 0.07
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
Page 16 of 29