Sharepoint Foundation
by Microsoft
CVEs (185)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27076 | 0.01 | — | 0.14 | Mar 11, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2021-24072 | 0.01 | — | 0.02 | Feb 25, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2021-24071 | 0.01 | — | 0.03 | Feb 25, 2021 | Microsoft SharePoint Information Disclosure Vulnerability | |||
| CVE-2021-24066 | 0.01 | — | 0.06 | Feb 25, 2021 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2021-1726 | 0.01 | — | 0.02 | Feb 25, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | |||
| CVE-2021-1707 | 0.01 | — | 0.04 | Jan 12, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2020-17061 | 0.01 | — | 0.04 | Nov 11, 2020 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2020-17017 | 0.01 | — | 0.04 | Nov 11, 2020 | Microsoft SharePoint Information Disclosure Vulnerability | |||
| CVE-2020-16979 | 0.01 | — | 0.03 | Nov 11, 2020 | Microsoft SharePoint Information Disclosure Vulnerability | |||
| CVE-2020-1444 | 0.01 | — | 0.09 | Jul 14, 2020 | A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | |||
| CVE-2020-1025 | 0.01 | — | 0.06 | Jul 14, 2020 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit… | |||
| CVE-2020-1103 | 0.01 | — | 0.03 | May 21, 2020 | An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint… | |||
| CVE-2019-1443 | 0.01 | — | 0.05 | Nov 12, 2019 | An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain… | |||
| CVE-2019-1330 | 0.01 | — | 0.02 | Oct 10, 2019 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329. | |||
| CVE-2019-1260 | 0.01 | — | 0.02 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | |||
| CVE-2019-0958 | 0.01 | — | 0.03 | May 16, 2019 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957. | |||
| CVE-2019-0950 | 0.01 | — | 0.02 | May 16, 2019 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951. | |||
| CVE-2019-0949 | 0.01 | — | 0.02 | May 16, 2019 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951. | |||
| CVE-2019-0956 | 0.01 | — | 0.05 | May 16, 2019 | An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'. | |||
| CVE-2015-6039 | 0.01 | — | 0.09 | Oct 14, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security… |
- CVE-2021-27076Mar 11, 2021risk 0.01cvss —epss 0.14
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2021-24072Feb 25, 2021risk 0.01cvss —epss 0.02
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2021-24071Feb 25, 2021risk 0.01cvss —epss 0.03
Microsoft SharePoint Information Disclosure Vulnerability
- CVE-2021-24066Feb 25, 2021risk 0.01cvss —epss 0.06
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2021-1726Feb 25, 2021risk 0.01cvss —epss 0.02
Microsoft SharePoint Server Spoofing Vulnerability
- CVE-2021-1707Jan 12, 2021risk 0.01cvss —epss 0.04
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2020-17061Nov 11, 2020risk 0.01cvss —epss 0.04
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2020-17017Nov 11, 2020risk 0.01cvss —epss 0.04
Microsoft SharePoint Information Disclosure Vulnerability
- CVE-2020-16979Nov 11, 2020risk 0.01cvss —epss 0.03
Microsoft SharePoint Information Disclosure Vulnerability
- CVE-2020-1444Jul 14, 2020risk 0.01cvss —epss 0.09
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
- CVE-2020-1025Jul 14, 2020risk 0.01cvss —epss 0.06
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit…
- CVE-2020-1103May 21, 2020risk 0.01cvss —epss 0.03
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint…
- CVE-2019-1443Nov 12, 2019risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain…
- CVE-2019-1330Oct 10, 2019risk 0.01cvss —epss 0.02
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
- CVE-2019-1260Sep 11, 2019risk 0.01cvss —epss 0.02
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
- CVE-2019-0958May 16, 2019risk 0.01cvss —epss 0.03
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.
- CVE-2019-0950May 16, 2019risk 0.01cvss —epss 0.02
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.
- CVE-2019-0949May 16, 2019risk 0.01cvss —epss 0.02
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.
- CVE-2019-0956May 16, 2019risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.
- CVE-2015-6039Oct 14, 2015risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security…
Page 4 of 10