Exchange Server
by Microsoft
CVEs (233)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0044 | 0.03 | — | 0.33 | May 2, 2005 | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | |||
| CVE-2002-0055 | 0.03 | — | 0.38 | Mar 8, 2002 | SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | |||
| CVE-2001-0146 | 0.03 | — | 0.37 | Jun 2, 2001 | IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | |||
| CVE-2023-38181 | 0.02 | — | 0.17 | Aug 8, 2023 | Microsoft Exchange Server Spoofing Vulnerability | |||
| CVE-2021-42305 | 0.02 | — | 0.08 | Nov 10, 2021 | Microsoft Exchange Server Spoofing Vulnerability | |||
| CVE-2021-27078 | 0.02 | — | 0.18 | Mar 2, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2021-26412 | 0.02 | — | 0.30 | Mar 2, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2019-0586 | 0.02 | — | 0.15 | Jan 8, 2019 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. | |||
| CVE-2010-0025 | 0.02 | — | 0.21 | Apr 14, 2010 | The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by… | |||
| CVE-2009-0099 | 0.02 | — | 0.26 | Feb 10, 2009 | The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI… | |||
| CVE-2009-0098 | 0.02 | — | 0.25 | Feb 10, 2009 | Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption… | |||
| CVE-2008-2247 | 0.02 | — | 0.25 | Jul 8, 2008 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. | |||
| CVE-2008-2248 | 0.02 | — | 0.25 | Jul 8, 2008 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. | |||
| CVE-2004-0203 | 0.02 | — | 0.21 | Nov 23, 2004 | Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | |||
| CVE-2004-0840 | 0.02 | — | 0.30 | Nov 3, 2004 | The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a… | |||
| CVE-2002-0698 | 0.02 | — | 0.20 | Aug 12, 2002 | Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response. | |||
| CVE-2002-0054 | 0.02 | — | 0.22 | Mar 8, 2002 | SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | |||
| CVE-2001-1319 | 0.02 | — | 0.29 | Jul 16, 2001 | Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. | |||
| CVE-1999-0945 | 0.02 | — | 0.20 | Mar 12, 2001 | Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. | |||
| CVE-1999-0682 | 0.02 | — | 0.26 | Aug 6, 1999 | Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. |
- CVE-2005-0044May 2, 2005risk 0.03cvss —epss 0.33
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."
- CVE-2002-0055Mar 8, 2002risk 0.03cvss —epss 0.38
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
- CVE-2001-0146Jun 2, 2001risk 0.03cvss —epss 0.37
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
- CVE-2023-38181Aug 8, 2023risk 0.02cvss —epss 0.17
Microsoft Exchange Server Spoofing Vulnerability
- CVE-2021-42305Nov 10, 2021risk 0.02cvss —epss 0.08
Microsoft Exchange Server Spoofing Vulnerability
- CVE-2021-27078Mar 2, 2021risk 0.02cvss —epss 0.18
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-26412Mar 2, 2021risk 0.02cvss —epss 0.30
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2019-0586Jan 8, 2019risk 0.02cvss —epss 0.15
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
- CVE-2010-0025Apr 14, 2010risk 0.02cvss —epss 0.21
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by…
- CVE-2009-0099Feb 10, 2009risk 0.02cvss —epss 0.26
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI…
- CVE-2009-0098Feb 10, 2009risk 0.02cvss —epss 0.25
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption…
- CVE-2008-2247Jul 8, 2008risk 0.02cvss —epss 0.25
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.
- CVE-2008-2248Jul 8, 2008risk 0.02cvss —epss 0.25
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
- CVE-2004-0203Nov 23, 2004risk 0.02cvss —epss 0.21
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
- CVE-2004-0840Nov 3, 2004risk 0.02cvss —epss 0.30
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a…
- CVE-2002-0698Aug 12, 2002risk 0.02cvss —epss 0.20
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
- CVE-2002-0054Mar 8, 2002risk 0.02cvss —epss 0.22
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
- CVE-2001-1319Jul 16, 2001risk 0.02cvss —epss 0.29
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
- CVE-1999-0945Mar 12, 2001risk 0.02cvss —epss 0.20
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
- CVE-1999-0682Aug 6, 1999risk 0.02cvss —epss 0.26
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
Page 6 of 12