VYPR

Exchange Server

by Microsoft

CVEs (233)

  • CVE-2016-0029MedJan 13, 2016
    risk 0.40cvss 6.1epss 0.08

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.

  • CVE-2016-0028MedJun 16, 2016
    risk 0.38cvss 5.5epss 0.23

    Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML…

  • CVE-2018-0941MedMar 14, 2018
    risk 0.37cvss 5.5epss 0.13

    Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from…

  • CVE-2025-25007MedAug 12, 2025
    risk 0.35cvss 5.3epss 0.01

    Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-25006MedAug 12, 2025
    risk 0.35cvss 5.3epss 0.01

    Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2018-8448MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8159MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8153MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8152MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2017-11761MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.07

    Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"

  • CVE-2025-64667MedDec 9, 2025
    risk 0.34cvss 5.3epss 0.01

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-45502MedJun 9, 2026
    risk 0.33cvss 5.0epss 0.00

    Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

  • CVE-2022-41040KEVOct 3, 2022
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Elevation of Privilege Vulnerability

  • CVE-2021-34523KEVJul 14, 2021
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Elevation of Privilege Vulnerability

  • CVE-2021-34473KEVJul 14, 2021
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-31207KEVMay 11, 2021
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Security Feature Bypass Vulnerability

  • CVE-2021-27065KEVMar 2, 2021
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-26855KEVMar 2, 2021
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-0688KEVFeb 11, 2020
    risk 0.29cvss epss 1.00

    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

  • CVE-2018-8151MedMay 9, 2018
    risk 0.29cvss 4.3epss 0.08

    An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.

Page 3 of 12