Filtered by vendor Microsoft Subscriptions
Filtered by product Sharepoint Foundation Subscriptions
Total 228 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-1101 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 5.4 Medium
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.
CVE-2020-1100 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 5.4 Medium
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.
CVE-2020-1069 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 8.8 High
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
CVE-2020-1025 1 Microsoft 7 Lync, Lync Server, Sharepoint Enterprise Server and 4 more 2024-11-21 9.8 Critical
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
CVE-2020-1024 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 8.8 High
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.
CVE-2020-1023 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 8.8 High
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.
CVE-2020-17121 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2024-11-21 8.8 High
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17120 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2024-11-21 5.3 Medium
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-17118 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2024-11-21 8.1 High
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17115 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2024-11-21 8 High
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2020-17089 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2024-11-21 7.1 High
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2020-17061 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2024-11-21 8.8 High
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17017 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 5.3 Medium
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-17016 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 8 High
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2020-17015 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 4.3 Medium
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2020-16979 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 5.3 Medium
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-16953 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 6.5 Medium
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
CVE-2020-16952 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 8.6 High
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
CVE-2020-16951 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 8.6 High
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
CVE-2020-16948 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2024-11-21 6.5 Medium
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>