Search Results (Refine Search)
- CPE Product Version: cpe:/a:microsoft:exchange_server:2016:cumulative_update_2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-36777 |
Microsoft Exchange Server Information Disclosure Vulnerability Published: September 12, 2023; 1:15:14 PM -0400 |
V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2023-21709 |
Microsoft Exchange Server Elevation of Privilege Vulnerability Published: August 08, 2023; 2:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2019-1137 |
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. Published: July 15, 2019; 3:15:21 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-1084 |
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'. Published: July 15, 2019; 3:15:17 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-3379 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability." Published: September 14, 2016; 6:59:53 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-3378 |
Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability." Published: September 14, 2016; 6:59:52 AM -0400 |
V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2016-0138 |
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability." Published: September 14, 2016; 6:59:02 AM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |