Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exchange_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 216 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 1999-08-06 | CVE-1999-0682 | Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. | Exchange_server | N/A | ||
| 2001-03-12 | CVE-1999-0945 | Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. | Exchange_server | N/A | ||
| 2002-08-12 | CVE-2002-0698 | Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response. | Exchange_server | N/A | ||
| 2005-10-13 | CVE-2005-1987 | Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. | Exchange_server, Windows_2000, Windows_server_2003, Windows_xp | N/A | ||
| 1998-01-01 | CVE-1999-0284 | Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. | Lotus_domino_mail_server, Exchange_server | N/A | ||
| 1999-12-13 | CVE-1999-0993 | Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | Exchange_server | N/A | ||
| 2018-04-04 | CVE-2018-0986 | A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection. | Exchange_server, Forefront_endpoint_protection_2010, Intune_endpoint_protection, Security_essentials, System_center_endpoint_protection, Windows_defender | 8.8 | ||
| 2020-02-11 | CVE-2020-0692 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | Exchange_server | 8.1 | ||
| 1998-11-12 | CVE-1999-1322 | The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. | Arcserve_backup, Inoculan, Exchange_server | N/A | ||
| 2018-03-14 | CVE-2018-0941 | Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924. | Exchange_server | 5.5 |