Filtered by vendor Microsoft
Subscriptions
Filtered by product Sharepoint Server
Subscriptions
Total
423 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1203 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. | ||||
| CVE-2019-1134 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | ||||
| CVE-2019-1035 | 1 Microsoft | 4 Office, Office 365 Proplus, Office Online Server and 1 more | 2024-08-04 | 7.8 High |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1034. | ||||
| CVE-2019-1034 | 1 Microsoft | 7 Office, Office 365 Proplus, Office Online Server and 4 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1035. | ||||
| CVE-2019-1032 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1033, CVE-2019-1036. | ||||
| CVE-2019-1031 | 1 Microsoft | 4 Project Server, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036. | ||||
| CVE-2019-1036 | 1 Microsoft | 4 Project Server, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033. | ||||
| CVE-2019-1033 | 1 Microsoft | 4 Project Server, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036. | ||||
| CVE-2019-1006 | 1 Microsoft | 13 .net Framework, Identitymodel, Sharepoint Enterprise Server and 10 more | 2024-08-04 | N/A |
| An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. | ||||
| CVE-2019-0950 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-08-04 | N/A |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951. | ||||
| CVE-2019-0958 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-08-04 | N/A |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957. | ||||
| CVE-2019-0949 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-08-04 | N/A |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951. | ||||
| CVE-2019-0957 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-08-04 | N/A |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958. | ||||
| CVE-2019-0831 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830. | ||||
| CVE-2019-0830 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | N/A |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831. | ||||
| CVE-2019-0585 | 1 Microsoft | 8 Office, Office 365 Proplus, Office Online Server and 5 more | 2024-08-04 | N/A |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server. | ||||
| CVE-2019-0604 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 9.8 Critical |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | ||||
| CVE-2019-0562 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-08-04 | N/A |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. | ||||
| CVE-2019-0561 | 1 Microsoft | 6 Office, Office 365 Proplus, Office Web Apps Server and 3 more | 2024-08-04 | N/A |
| An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. | ||||
| CVE-2019-0594 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | N/A |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604. | ||||