Vulnerabilities > Microsoft > Sharepoint Server > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-17 | CVE-2020-1583 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. | 8.8 |
2020-08-17 | CVE-2020-1495 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 8.8 |
2020-04-15 | CVE-2020-0971 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
2019-06-12 | CVE-2019-1035 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 7.8 |
2019-03-05 | CVE-2019-0604 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 7.5 |
2013-03-13 | CVE-2013-0085 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability." | 7.8 |
2013-03-13 | CVE-2013-0084 | Path Traversal vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability." | 7.5 |
2013-03-13 | CVE-2013-0080 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability." | 7.5 |
2010-12-16 | CVE-2010-3964 | Unspecified vulnerability in Microsoft Sharepoint Server 2007 Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability." Additional information from Microsoft can be found here: http://blogs.technet.com/b/srd/archive/2010/12/14/ms10-104-sharepoint-2007-vulnerability.aspx Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type' | 7.5 |