CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0138
https://notcve.org/view.php?id=CVE-2016-0138
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability." " Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1 y 2016 Cumulative Update 2 no analiza correctamente la gramática de mensajes de e-mail, lo que permite a usuarios remotos autenticados obtener información sensible de la aplicación de Outlook aprovechando el derecho Send As, vulnerabilidad también conocida como ""Microsoft Exchange Information Disclosure Vulnerability""." • http://www.securityfocus.com/bid/92806 http://www.securitytracker.com/id/1036778 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-108 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6319
https://notcve.org/view.php?id=CVE-2014-6319
Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." Outlook Web App (OWA) en Microsoft Exchange Server 2007 SP3, 2010 SP3, y 2013 SP1 y Cumulative Update 6 no valida correctamente los tokens en solicitudes, lo que permite a atacantes remotos suplantar el origen de mensajes email a través de vectores no especificaods, también conocido como 'vulnerabilidad de la suplantación de tokens de la aplicación web de Outlook.' • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 28%CPEs: 4EXPL: 0CVE-2013-0418 – Oracle Outside In CorelDRAW File Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0418
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value. Una vulnerabilidad no especificada en el componente "Oracle Outside In Technology" de Oracle Fusion Middleware v8.3.7 y v8.4 permite afectar a la disponibilidad a atacantes, dependiendo del contexto, a través de vectores desconocidos relacionados con Outside In Filters. Se trata de una vulnerabilidad diferente a CVE-2013-0393. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0073.html http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16251 •
CVSS: 3.5EPSS: 6%CPEs: 3EXPL: 0CVE-2012-4791
https://notcve.org/view.php?id=CVE-2012-4791
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." Microsoft Exchange Server 2007 SP3 y 2010 SP1 y SP2 permite a usuarios remotos autenticados provocar una denegación de servicio (bloqueo del servicio Information Store) al suscribirse a un feed RSS manipulado, también conocido como "Feed RSS puede provocar vulnerabilidad DoS en Exchange". • http://www.securityfocus.com/bid/56836 http://www.us-cert.gov/cas/techalerts/TA12-346A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16158 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3937 – Microsoft Exchange 2007 Infinite Loop Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-3937
Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability." Microsoft Exchange Server 2007 SP2 sobre plataformas x64 permite a usuarios autenticados remotamente provocar una denegación de servicio (bucle infinito y agotamiento MSExchangeIS) a través de una petición RPC manipulada. También conocida como "Exchange Server Infinite Loop Vulnerability". This vulnerability allows attackers to deny services on vulnerable installations of Microsoft Exchange Server 2007. Authentication is required to exploit this vulnerability. The specific flaw exists within store.exe during the handling of a particular MAPI call. • http://www.securityfocus.com/bid/45297 http://www.securitytracker.com/id?1024888 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12019 • CWE-399: Resource Management Errors •