Product:

Exchange_server

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 215
Date Id Summary Products Score Patch Annotated
2023-10-10 CVE-2023-36778 Microsoft Exchange Server Remote Code Execution Vulnerability Exchange_server 8.0
2023-11-14 CVE-2023-36035 Microsoft Exchange Server Spoofing Vulnerability Exchange_server 8.0
2023-11-14 CVE-2023-36039 Microsoft Exchange Server Spoofing Vulnerability Exchange_server 8.0
2023-11-14 CVE-2023-36050 Microsoft Exchange Server Spoofing Vulnerability Exchange_server 8.0
2023-11-14 CVE-2023-36439 Microsoft Exchange Server Remote Code Execution Vulnerability Exchange_server 8.0
2021-03-03 CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability Exchange_server 9.1
2020-02-11 CVE-2020-0688 A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. Exchange_server 8.8
2021-07-14 CVE-2021-34523 Microsoft Exchange Server Elevation of Privilege Vulnerability Exchange_server 9.0
2020-09-11 CVE-2020-16875 <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p> Exchange_server 8.4
2020-10-16 CVE-2020-16969 <p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p> <p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web... Exchange_server 7.1