Filtered by vendor Microsoft Subscriptions
Filtered by product Exchange Server Subscriptions
Total 228 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-49040 1 Microsoft 1 Exchange Server 2024-11-21 7.5 High
Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-26412 1 Microsoft 1 Exchange Server 2024-11-19 9.1 Critical
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-17085 1 Microsoft 1 Exchange Server 2024-11-15 6.2 Medium
Microsoft Exchange Server Denial of Service Vulnerability
CVE-2022-21969 1 Microsoft 1 Exchange Server 2024-11-14 9 Critical
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-21855 1 Microsoft 1 Exchange Server 2024-11-14 9 Critical
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-21846 1 Microsoft 1 Exchange Server 2024-11-14 9 Critical
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2024-21410 1 Microsoft 1 Exchange Server 2024-10-09 9.8 Critical
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2017-11932 1 Microsoft 1 Exchange Server 2024-09-17 N/A
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
CVE-2017-11761 1 Microsoft 1 Exchange Server 2024-09-17 N/A
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"
CVE-2002-1790 1 Microsoft 3 Exchange Server, Internet Information Server, Internet Information Services 2024-09-17 N/A
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.
CVE-2017-8559 1 Microsoft 1 Exchange Server 2024-09-17 N/A
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.
CVE-2017-11940 1 Microsoft 9 Exchange Server, Forefront Endpoint Protection 2010, Malware Protection Engine and 6 more 2024-09-17 N/A
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.
CVE-2018-0940 1 Microsoft 1 Exchange Server 2024-09-17 N/A
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".
CVE-2010-1690 1 Microsoft 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more 2024-09-16 N/A
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
CVE-2017-8621 1 Microsoft 1 Exchange Server 2024-09-16 N/A
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".
CVE-2018-0924 1 Microsoft 1 Exchange Server 2024-09-16 N/A
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.
CVE-2002-1876 1 Microsoft 1 Exchange Server 2024-09-16 N/A
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
CVE-2017-11937 1 Microsoft 9 Exchange Server, Forefront Endpoint Protection 2010, Malware Protection Engine and 6 more 2024-09-16 N/A
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
CVE-2010-1689 1 Microsoft 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more 2024-09-16 N/A
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
CVE-2017-8560 1 Microsoft 1 Exchange Server 2024-09-16 N/A
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.