Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 · CWE: CWE-79

View on NVD

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

CVSS: 9.9 · CWE: CWE-918

View on NVD

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password.

CVSS: 7.5 · CWE: CWE-319

View on NVD

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 · CWE: CWE-345

View on NVD

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 5.3 · CWE: CWE-451

View on NVD

Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVSS: 7.5 · CWE: CWE-20

View on NVD

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-1390

View on NVD

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 7.5 · CWE: CWE-20

View on NVD

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

CVSS: 8.4 · CWE: CWE-303

View on NVD

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 · CWE: CWE-200

View on NVD

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 5.3 · CWE: CWE-1286

View on NVD

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 5.3 · CWE: CWE-167

View on NVD

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

CVSS: 6.5 · CWE: CWE-20

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 7.5 · CWE: CWE-451

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-287

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 5.7 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-23

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-20

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-307

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: CWE-426

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 7.5 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 5.3 · CWE: CWE-200

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 6.5 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 4.8 · CWE: N/A

View on NVD

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Prem…

CVSS: 7.3 · CWE: CWE-280

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.2 · CWE: N/A

View on NVD

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11…

CVSS: 7.1 · CWE: CWE-280

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. Th…

CVSS: 5.5 · CWE: CWE-20

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: CWE-269

View on NVD

Microsoft Exchange Server Denial of Service Vulnerability

CVSS: 7.5 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 7.3 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.6 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 · CWE: CWE-290

View on NVD

Microsoft Exchange Server Security Feature Bypass Vulnerability

CVSS: 6.6 · CWE: CWE-434

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-20

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 6.5 · CWE: CWE-290

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-22

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: CWE-918

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 6.6 · CWE: N/A

View on NVD

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: N/A

View on NVD

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 · CWE: N/A

View on NVD

A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.

This update addresses this vulnerability.

To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to p…

CVSS: 5.4 · CWE: N/A

View on NVD

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Af…

CVSS: 5.5 · CWE: CWE-276

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.4 · CWE: CWE-502

View on NVD

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 9.1 · CWE: N/A

View on NVD

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.4 · CWE: N/A

View on NVD