Exchange Server
by Microsoft
CVEs (233)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0138 | Med | 0.29 | 4.3 | 0.13 | Sep 14, 2016 | Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application… | ||
| CVE-2022-41082 | 0.28 | — | 1.00 | KEV | Oct 3, 2022 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-42321 | 0.28 | — | 0.90 | KEV | Nov 10, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2018-8374 | Med | 0.28 | 4.3 | 0.03 | Aug 15, 2018 | A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server. | ||
| CVE-2022-41080 | 0.26 | — | 0.77 | KEV | Nov 9, 2022 | Microsoft Exchange Server Elevation of Privilege Vulnerability | ||
| CVE-2018-8581 | 0.25 | — | 0.28 | KEV | Nov 14, 2018 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | ||
| CVE-2021-26858 | 0.24 | — | 0.90 | KEV | Mar 2, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-26857 | 0.21 | — | 0.94 | KEV | Mar 2, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-33766 | 0.20 | — | 0.97 | KEV | Jul 14, 2021 | Microsoft Exchange Server Information Disclosure Vulnerability | ||
| CVE-2020-17144 | 0.19 | — | 0.37 | KEV | Dec 9, 2020 | Microsoft Exchange Remote Code Execution Vulnerability | ||
| CVE-2024-21410 | 0.12 | — | 0.13 | KEV | Feb 13, 2024 | Microsoft Exchange Server Elevation of Privilege Vulnerability | ||
| CVE-2021-31196 | 0.12 | — | 0.46 | KEV | Jul 14, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2020-16875 | 0.10 | — | 0.47 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the… | |||
| CVE-2022-23277 | 0.09 | — | 0.41 | Mar 9, 2022 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2006-0027 | 0.09 | — | 0.79 | May 10, 2006 | Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | |||
| CVE-2005-0560 | 0.09 | — | 0.69 | May 2, 2005 | Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. | |||
| CVE-2003-0714 | 0.09 | — | 0.76 | Nov 17, 2003 | The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange… | |||
| CVE-2019-0724 | 0.08 | — | 0.24 | Mar 6, 2019 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686. | |||
| CVE-2007-0213 | 0.08 | — | 0.66 | May 8, 2007 | Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | |||
| CVE-2004-0574 | 0.08 | — | 0.68 | Nov 3, 2004 | The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper… |
- risk 0.29cvss 4.3epss 0.13
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application…
- risk 0.28cvss —epss 1.00
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.28cvss —epss 0.90
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.28cvss 4.3epss 0.03
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
- risk 0.26cvss —epss 0.77
Microsoft Exchange Server Elevation of Privilege Vulnerability
- risk 0.25cvss —epss 0.28
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
- risk 0.24cvss —epss 0.90
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.21cvss —epss 0.94
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.20cvss —epss 0.97
Microsoft Exchange Server Information Disclosure Vulnerability
- risk 0.19cvss —epss 0.37
Microsoft Exchange Remote Code Execution Vulnerability
- risk 0.12cvss —epss 0.13
Microsoft Exchange Server Elevation of Privilege Vulnerability
- risk 0.12cvss —epss 0.46
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2020-16875Sep 11, 2020risk 0.10cvss —epss 0.47
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the…
- CVE-2022-23277Mar 9, 2022risk 0.09cvss —epss 0.41
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2006-0027May 10, 2006risk 0.09cvss —epss 0.79
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
- CVE-2005-0560May 2, 2005risk 0.09cvss —epss 0.69
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
- CVE-2003-0714Nov 17, 2003risk 0.09cvss —epss 0.76
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange…
- CVE-2019-0724Mar 6, 2019risk 0.08cvss —epss 0.24
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.
- CVE-2007-0213May 8, 2007risk 0.08cvss —epss 0.66
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
- CVE-2004-0574Nov 3, 2004risk 0.08cvss —epss 0.68
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper…
Page 4 of 12