Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exchange_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 215 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-10 | CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | Exchange_server | 8.0 | ||
| 2023-11-14 | CVE-2023-36035 | Microsoft Exchange Server Spoofing Vulnerability | Exchange_server | 8.0 | ||
| 2023-11-14 | CVE-2023-36039 | Microsoft Exchange Server Spoofing Vulnerability | Exchange_server | 8.0 | ||
| 2023-11-14 | CVE-2023-36050 | Microsoft Exchange Server Spoofing Vulnerability | Exchange_server | 8.0 | ||
| 2023-11-14 | CVE-2023-36439 | Microsoft Exchange Server Remote Code Execution Vulnerability | Exchange_server | 8.0 | ||
| 2021-03-03 | CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Exchange_server | 9.1 | ||
| 2020-02-11 | CVE-2020-0688 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | Exchange_server | 8.8 | ||
| 2021-07-14 | CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Exchange_server | 9.0 | ||
| 2020-09-11 | CVE-2020-16875 | <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p> | Exchange_server | 8.4 | ||
| 2020-10-16 | CVE-2020-16969 | <p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p> <p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web... | Exchange_server | 7.1 |