Exchange
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2415 | Med | 0.36 | 5.5 | 0.00 | Apr 18, 2016 | exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to… | ||
| CVE-2020-0688 | 0.29 | — | 0.94 | KEV | Feb 11, 2020 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | ||
| CVE-2020-17132 | 0.09 | — | 0.80 | Dec 9, 2020 | Microsoft Exchange Remote Code Execution Vulnerability | |||
| CVE-2006-0027 | 0.09 | — | 0.72 | May 10, 2006 | Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | |||
| CVE-2006-0002 | 0.03 | — | 0.33 | Jan 10, 2006 | Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME… | |||
| CVE-2020-17141 | 0.02 | — | 0.28 | Dec 9, 2020 | Microsoft Exchange Remote Code Execution Vulnerability | |||
| CVE-2001-0660 | 0.02 | — | 0.20 | Oct 30, 2001 | Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). | |||
| CVE-2001-1319 | 0.01 | — | 0.11 | Jul 16, 2001 | Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. | |||
| CVE-2001-0146 | 0.01 | — | 0.12 | Jun 2, 2001 | IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | |||
| CVE-2000-0216 | 0.01 | — | 0.13 | Feb 29, 2000 | Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution… | |||
| CVE-1999-0993 | 0.01 | — | 0.09 | Dec 13, 1999 | Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | |||
| CVE-1999-0682 | 0.01 | — | 0.14 | Aug 6, 1999 | Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. | |||
| CVE-1999-0385 | 0.01 | — | 0.09 | Dec 1, 1998 | The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. | |||
| CVE-2020-17142 | 0.00 | — | 0.01 | Dec 9, 2020 | Microsoft Exchange Remote Code Execution Vulnerability | |||
| CVE-2020-17117 | 0.00 | — | 0.06 | Dec 9, 2020 | Microsoft Exchange Remote Code Execution Vulnerability | |||
| CVE-2006-3718 | 0.00 | — | 0.04 | Jul 21, 2006 | Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17. |
- risk 0.36cvss 5.5epss 0.00
exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to…
- risk 0.29cvss —epss 0.94
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
- CVE-2020-17132Dec 9, 2020risk 0.09cvss —epss 0.80
Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2006-0027May 10, 2006risk 0.09cvss —epss 0.72
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
- CVE-2006-0002Jan 10, 2006risk 0.03cvss —epss 0.33
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME…
- CVE-2020-17141Dec 9, 2020risk 0.02cvss —epss 0.28
Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2001-0660Oct 30, 2001risk 0.02cvss —epss 0.20
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
- CVE-2001-1319Jul 16, 2001risk 0.01cvss —epss 0.11
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
- CVE-2001-0146Jun 2, 2001risk 0.01cvss —epss 0.12
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
- CVE-2000-0216Feb 29, 2000risk 0.01cvss —epss 0.13
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution…
- CVE-1999-0993Dec 13, 1999risk 0.01cvss —epss 0.09
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
- CVE-1999-0682Aug 6, 1999risk 0.01cvss —epss 0.14
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
- CVE-1999-0385Dec 1, 1998risk 0.01cvss —epss 0.09
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
- CVE-2020-17142Dec 9, 2020risk 0.00cvss —epss 0.01
Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17117Dec 9, 2020risk 0.00cvss —epss 0.06
Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2006-3718Jul 21, 2006risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17.