CVSS: 9.3EPSS: 65%CPEs: 17EXPL: 2CVE-2017-8541 – Microsoft MsMpEng - Use-After-Free via Saved Callers
https://notcve.org/view.php?id=CVE-2017-8541
26 May 2017 — The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than... • https://packetstorm.news/files/id/142753 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 0CVE-2017-0110
https://notcve.org/view.php?id=CVE-2017-0110
17 Mar 2017 — Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." Vulnerabilidad de XSS en Microsoft Exchange Outlook Web Access (OWA) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un email o chat de cliente manipulado, vulnerabilidad también conocida como "Microsoft Exch... • http://www.securityfocus.com/bid/96621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 2%CPEs: 5EXPL: 1CVE-2016-3378 – Microsoft Exchange Open Redirect
https://notcve.org/view.php?id=CVE-2016-3378
14 Sep 2016 — Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability." Vulnerabilidad de redirección abierta en Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1 y 2016 Cumula... • https://packetstorm.news/files/id/146928 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 16%CPEs: 7EXPL: 0CVE-2016-0138
https://notcve.org/view.php?id=CVE-2016-0138
14 Sep 2016 — Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability." " Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Upda... • http://www.securityfocus.com/bid/92806 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 7%CPEs: 2EXPL: 0CVE-2016-3379
https://notcve.org/view.php?id=CVE-2016-3379
14 Sep 2016 — Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability." Vulnerabilidad de XSS en Microsoft Exchange Server 2016 Cumulative Update 1 y 2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una solicitud de invitación a reunión, vulnerabilidad también conocida como ... • http://www.securityfocus.com/bid/92836 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 21%CPEs: 6EXPL: 0CVE-2016-0028
https://notcve.org/view.php?id=CVE-2016-0028
16 Jun 2016 — Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." Outlook Web Access (OWA) en Microsoft Exchange Server 2013 SP1, Cumulative Update 11 y Cumulative Update 12 y 2016 Gold y Cumulative Update 1 no restringe ... • http://www.securitytracker.com/id/1036106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0030
https://notcve.org/view.php?id=CVE-2016-0030
13 Jan 2016 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10 y 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también co... • http://www.securityfocus.com/bid/79890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2016-0031
https://notcve.org/view.php?id=CVE-2016-0031
13 Jan 2016 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029. Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como "Exchange Spoofing Vu... • http://www.securityfocus.com/bid/79888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-0032
https://notcve.org/view.php?id=CVE-2016-0032
13 Jan 2016 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11 y 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML ... • http://www.securityfocus.com/bid/79884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2016-0029
https://notcve.org/view.php?id=CVE-2016-0029
13 Jan 2016 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031. Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como "Exchange Spoofing Vu... • http://www.securityfocus.com/bid/79889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •