Total
947 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1084 | 1 Microsoft | 9 Exchange Server, Lync, Lync Basic and 6 more | 2020-05-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'. | |||||
| CVE-2006-0002 | 1 Microsoft | 3 Exchange Server, Office, Outlook | 2020-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. | |||||
| CVE-2020-0696 | 1 Microsoft | 3 Office, Office 365 Proplus, Outlook | 2020-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-1463 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-12-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400. | |||||
| CVE-2019-1400 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-12-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463. | |||||
| CVE-2019-1402 | 1 Microsoft | 2 Office, Office 365 | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | |||||
| CVE-2017-0281 | 1 Microsoft | 8 Office, Office Online Server, Office Web Apps and 5 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262. | |||||
| CVE-2018-1026 | 1 Microsoft | 1 Office | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030. | |||||
| CVE-2018-0819 | 1 Microsoft | 1 Office | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac." | |||||
| CVE-2018-1030 | 1 Microsoft | 1 Office | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026. | |||||
| CVE-2018-0850 | 1 Microsoft | 2 Office, Outlook | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0907 | 1 Microsoft | 2 Excel, Office | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass". | |||||
| CVE-2018-8332 | 1 Microsoft | 6 Office, Office For Mac, Windows 10 and 3 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-8511 | 1 Microsoft | 6 Office, Office Online Server, Office Web Apps and 3 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. | |||||
| CVE-2017-0014 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2019-10-03 | 7.6 HIGH | 7.5 HIGH |
| The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108. | |||||
| CVE-2018-0841 | 1 Microsoft | 1 Office | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability" | |||||
| CVE-2018-8504 | 1 Microsoft | 5 Office, Office 365 Proplus, Office Web Apps and 2 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word. | |||||
| CVE-2017-8512 | 1 Microsoft | 7 Office, Office Online Server, Office Web Apps and 4 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506. | |||||
| CVE-2017-0260 | 1 Microsoft | 3 Office, Windows 7, Windows Server 2008 | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506. | |||||
| CVE-2018-8501 | 1 Microsoft | 4 Office, Office 365 Proplus, Powerpoint and 1 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint. | |||||