Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 · CWE: CWE-79

View on NVD

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

CVSS: 9.9 · CWE: CWE-918

View on NVD

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password.

CVSS: 7.5 · CWE: CWE-319

View on NVD

Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVSS: 7.5 · CWE: CWE-20

View on NVD

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-1390

View on NVD

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 7.5 · CWE: CWE-20

View on NVD

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

CVSS: 8.4 · CWE: CWE-303

View on NVD

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 · CWE: CWE-200

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 7.5 · CWE: CWE-451

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-287

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-23

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-20

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-307

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 7.5 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Prem…

CVSS: 7.3 · CWE: CWE-280

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.2 · CWE: N/A

View on NVD

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11…

CVSS: 7.1 · CWE: CWE-280

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: CWE-269

View on NVD

Microsoft Exchange Server Denial of Service Vulnerability

CVSS: 7.5 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 7.3 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.6 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-20

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-22

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: N/A

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.4 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: N/A

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.4 · CWE: N/A

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.5 · CWE: CWE-120

View on NVD

An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.

To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attack…

CVSS: 7.1 · CWE: N/A

View on NVD

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.

The security update addresses th…

CVSS: 8.4 · CWE: CWE-74

View on NVD

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute…

CVSS: 7.8 · CWE: N/A

View on NVD

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

CVSS: 8.1 · CWE: N/A

View on NVD

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

CVSS: 8.8 · CWE: CWE-287

View on NVD

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

CVSS: 9.8 · CWE: CWE-502

View on NVD

A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.

CVSS: 7.5 · CWE: N/A

View on NVD

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

CVSS: 8.1 · CWE: N/A

View on NVD

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.

CVSS: 8.1 · CWE: N/A

View on NVD

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.

CVSS: 7.4 · CWE: N/A

View on NVD

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

CVSS: 9.8 · CWE: CWE-787

View on NVD

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

CVSS: 7.4 · CWE: N/A

View on NVD

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.

CVSS: 7.8 · CWE: CWE-20

View on NVD

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

CVSS: 8.6 · CWE: CWE-918

View on NVD

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

CVSS: 9.8 · CWE: CWE-787

View on NVD

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.

CVSS: 9.8 · CWE: CWE-787

View on NVD

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsof…

CVSS: 8.8 · CWE: CWE-787

View on NVD

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

CVSS: 8.1 · CWE: CWE-20

View on NVD

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection En…

CVSS: 7.8 · CWE: CWE-119

View on NVD