Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Microsoft Project
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-1449 |
A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'. Published: July 14, 2020; 7:15:20 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2020-1322 |
An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'. Published: June 09, 2020; 4:15:21 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-8575 |
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server. Published: November 13, 2018; 8:29:01 PM -0500 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2018-8254 |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252. Published: June 14, 2018; 8:29:02 AM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-8156 |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168. Published: May 09, 2018; 3:29:02 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-0944 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. Published: March 14, 2018; 1:29:03 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0916 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0915 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0914 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0913 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0912 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0911 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0910 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-0909 |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Published: March 14, 2018; 1:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-11876 |
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". Published: November 14, 2017; 10:29:01 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-1640 |
Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." Published: April 14, 2015; 4:59:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-0102 |
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." Published: December 09, 2009; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1088 |
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations." Published: April 08, 2008; 7:05:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-6617 |
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. Published: December 18, 2006; 6:28:00 AM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |