Microsoft Sharepoint Enterprise Server vulnerabilities

256 known vulnerabilities affecting microsoft/sharepoint_enterprise_server.

Total CVEs

256

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL3HIGH120MEDIUM129LOW4

Vulnerabilities

Page 11 of 13

CVE-2019-0778MEDIUMCVSS 5.4v20162019-04-09

CVE-2019-0778 [MEDIUM] CWE-79 CVE-2019-0778: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

nvd

CVE-2019-0604CRITICALCVSS 9.8KEVPoCv20162019-03-05

CVE-2019-0604 [CRITICAL] CVE-2019-0604: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to chec A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

nvd

CVE-2019-0594HIGHCVSS 8.8v20162019-03-05

CVE-2019-0594 [HIGH] CWE-20 CVE-2019-0594: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to chec A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.

nvd

CVE-2019-0668HIGHCVSS 8.8v2013v20162019-03-05

CVE-2019-0668 [HIGH] CWE-79 CVE-2019-0668: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

nvd

CVE-2019-0670MEDIUMCVSS 6.1v20132019-03-05

CVE-2019-0670 [MEDIUM] CWE-20 CVE-2019-0670: A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.

nvd

CVE-2019-0562MEDIUMCVSS 5.4v2013v20162019-01-08

CVE-2019-0562 [MEDIUM] CVE-2019-0562: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.

nvd

CVE-2018-8628HIGHCVSS 7.8v20162018-12-12

CVE-2018-8628 [HIGH] CVE-2018-8628: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fail A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft Sha

nvd

CVE-2018-8635HIGHCVSS 8.8v2013v20162018-12-12

CVE-2018-8635 [HIGH] CWE-20 CVE-2018-8635: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.

nvd

CVE-2018-8650MEDIUMCVSS 5.4v20162018-12-12

CVE-2018-8650 [MEDIUM] CWE-79 CVE-2018-8650: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint.

nvd

CVE-2018-8572MEDIUMCVSS 5.4v20162018-11-14

CVE-2018-8572 [MEDIUM] CVE-2018-8572: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.

nvd

CVE-2018-8578MEDIUMCVSS 4.3v20132018-11-14

CVE-2018-8578 [MEDIUM] CVE-2018-8578: An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.

nvd

CVE-2018-8568MEDIUMCVSS 5.4v20162018-11-14

CVE-2018-8568 [MEDIUM] CWE-79 CVE-2018-8568: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.

nvd

CVE-2018-8488MEDIUMCVSS 5.4v2013v20162018-10-10

CVE-2018-8488 [MEDIUM] CVE-2018-8488: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518.

nvd

CVE-2018-8498MEDIUMCVSS 5.4v2013v20162018-10-10

CVE-2018-8498 [MEDIUM] CVE-2018-8498: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518.

nvd

CVE-2018-8518MEDIUMCVSS 5.4v2013v20162018-10-10

CVE-2018-8518 [MEDIUM] CVE-2018-8518: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498.

nvd

CVE-2018-8428MEDIUMCVSS 5.4v2013v20162018-09-13

CVE-2018-8428 [MEDIUM] CWE-79 CVE-2018-8428: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8431.

nvd

CVE-2018-8431MEDIUMCVSS 5.4v2013v20162018-09-13

CVE-2018-8431 [MEDIUM] CVE-2018-8431: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428.

nvd

CVE-2018-8300HIGHCVSS 8.8v2013v20162018-07-11

CVE-2018-8300 [HIGH] CWE-20 CVE-2018-8300: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to chec A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.

nvd

CVE-2018-8284HIGHCVSS 8.1v2013v20162018-07-11

CVE-2018-8284 [HIGH] CWE-94 CVE-2018-8284: A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate inp A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Mi

nvd

CVE-2018-8323MEDIUMCVSS 5.4v2013v20162018-07-11

CVE-2018-8323 [MEDIUM] CVE-2018-8323: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8299.

nvd

← Previous11 / 13Next →