Product:

Sharepoint_server

(Microsoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 420
Date Id Summary Products Score Patch Annotated
2024-09-10 CVE-2024-38227 Microsoft SharePoint Server Remote Code Execution Vulnerability Sharepoint_server 7.2
2024-09-10 CVE-2024-38228 Microsoft SharePoint Server Remote Code Execution Vulnerability Sharepoint_server 7.2
2024-09-10 CVE-2024-43464 Microsoft SharePoint Server Remote Code Execution Vulnerability Sharepoint_server 7.2
2024-09-10 CVE-2024-43466 Microsoft SharePoint Server Denial of Service Vulnerability Sharepoint_server 7.5
2019-08-14 CVE-2019-1205 A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of... Office, Office_365_proplus, Office_online_server, Sharepoint_server 7.8
2019-08-14 CVE-2019-1201 A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of... Office, Office_365_proplus, Office_online_server, Office_web_apps, Office_web_apps_server, Sharepoint_enterprise_server, Sharepoint_server, Word 7.8
2019-08-14 CVE-2019-1202 An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted application. The security update corrects how SharePoint handles session objects to prevent user session hijacking. Sharepoint_enterprise_server, Sharepoint_foundation, Sharepoint_server 4.4
2019-08-14 CVE-2019-1203 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The... Sharepoint_enterprise_server, Sharepoint_server 5.4
2010-06-08 CVE-2010-1257 Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Internet_explorer, Office_infopath, Sharepoint_server, Sharepoint_services N/A
2013-01-09 CVE-2013-0007 Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability." Expression_web, Groove_server, Office, Office_compatibility_pack, Sharepoint_server, Windows_7, Windows_8, Windows_rt, Windows_server_2003, Windows_server_2008, Windows_server_2012, Windows_vista, Windows_xp, Word_viewer, Xml_core_services N/A