Microsoft Sharepoint Server
Recent Microsoft Sharepoint Server Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | May 10, 2022 |
CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability | April 12, 2022 |
CVE-2022-21968 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | February 8, 2022 |
CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability | February 8, 2022 |
CVE-2022-21987 | Microsoft SharePoint Server Spoofing Vulnerability | February 8, 2022 |
CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability | January 11, 2022 |
CVE-2021-42294 | Microsoft SharePoint Server Remote Code Execution Vulnerability | December 14, 2021 |
CVE-2021-42320 | Microsoft SharePoint Server Spoofing Vulnerability | December 14, 2021 |
CVE-2021-42309 | Microsoft SharePoint Server Remote Code Execution Vulnerability | December 14, 2021 |
CVE-2021-43242 | Microsoft SharePoint Server Spoofing Vulnerability | December 14, 2021 |
By the Year
In 2022 there have been 8 vulnerabilities in Microsoft Sharepoint Server with an average score of 7.3 out of ten. Last year Sharepoint Server had 48 security vulnerabilities published. Right now, Sharepoint Server is on track to have fewer security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.21.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 8 | 7.34 |
2021 | 48 | 7.13 |
2020 | 113 | 6.71 |
2019 | 33 | 6.77 |
2018 | 25 | 6.46 |
It may take a day or so for new Sharepoint Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Sharepoint Server Security Vulnerabilities
Microsoft SharePoint Server Remote Code Execution Vulnerability.
CVE-2022-29108
8.8 - High
- May 10, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability.
Microsoft SharePoint Server Spoofing Vulnerability.
CVE-2022-24472
5.7 - Medium
- April 15, 2022
Microsoft SharePoint Server Spoofing Vulnerability.
Microsoft Excel Information Disclosure Vulnerability.
CVE-2022-22716
5.5 - Medium
- February 09, 2022
Microsoft Excel Information Disclosure Vulnerability.
Exposure of Resource to Wrong Sphere
Microsoft SharePoint Server Remote Code Execution Vulnerability.
CVE-2022-22005
8.8 - High
- February 09, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability.
Marshaling, Unmarshaling
Microsoft SharePoint Server Security Feature Bypass Vulnerability.
CVE-2022-21968
4.3 - Medium
- February 09, 2022
Microsoft SharePoint Server Security Feature Bypass Vulnerability.
Authentication
Microsoft SharePoint Server Spoofing Vulnerability.
CVE-2022-21987
8 - High
- February 09, 2022
Microsoft SharePoint Server Spoofing Vulnerability.
Microsoft Office Remote Code Execution Vulnerability.
CVE-2022-21840
8.8 - High
- January 11, 2022
Microsoft Office Remote Code Execution Vulnerability.
Code Injection
Microsoft SharePoint Server Remote Code Execution Vulnerability.
CVE-2022-21837
8.8 - High
- January 11, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability.
Code Injection
Microsoft SharePoint Elevation of Privilege Vulnerability.
CVE-2021-43876
8.8 - High
- December 29, 2021
Microsoft SharePoint Elevation of Privilege Vulnerability.
Improper Privilege Management
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-43242
5.7 - Medium
- December 15, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-42320.
Improper Input Validation
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-42320
5.7 - Medium
- December 15, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-43242.
Authentication Bypass by Spoofing
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-42294
7.2 - High
- December 15, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-42309.
Code Injection
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-42309
8.8 - High
- December 15, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-42294.
Code Injection
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-41344
8.8 - High
- October 13, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40487.
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-40482
7.5 - High
- October 13, 2021
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-40483
3.5 - Low
- October 13, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-40484.
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-40484
3.5 - Low
- October 13, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-40483.
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-40486
7.8 - High
- October 13, 2021
Microsoft Word Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-40487
8.8 - High
- October 13, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-41344.
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-38651
3.5 - Low
- September 15, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-38652.
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-36940
4.3 - Medium
- August 12, 2021
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-34467
8.8 - High
- July 16, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34468, CVE-2021-34520.
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-34517
5.3 - Medium
- July 14, 2021
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-34519
3.5 - Low
- July 14, 2021
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-34520
8.8 - High
- July 14, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34467, CVE-2021-34468.
Marshaling, Unmarshaling
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-34468
8 - High
- July 14, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34467, CVE-2021-34520.
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-31948
8.1 - High
- June 08, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-31950, CVE-2021-31964.
Improper Input Validation
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-31950
8.1 - High
- June 08, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-31948, CVE-2021-31964.
XSPA
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-31963
8.8 - High
- June 08, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26420, CVE-2021-31966.
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-31964
8.1 - High
- June 08, 2021
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-31948, CVE-2021-31950.
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-31965
6.5 - Medium
- June 08, 2021
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-31966
7.2 - High
- June 08, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26420, CVE-2021-31963.
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-26420
8.8 - High
- June 08, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31963, CVE-2021-31966.
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-26418
7.1 - High
- May 11, 2021
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-28478, CVE-2021-31172.
AuthZ
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-28478
7.1 - High
- May 11, 2021
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-26418, CVE-2021-31172.
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-31172
7.1 - High
- May 11, 2021
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-26418, CVE-2021-28478.
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-31173
6.5 - Medium
- May 11, 2021
Microsoft SharePoint Server Information Disclosure Vulnerability
Information Disclosure
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-28474
8.8 - High
- May 11, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability
Command Injection
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-31171
4.4 - Medium
- May 11, 2021
Microsoft SharePoint Information Disclosure Vulnerability
Information Disclosure
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2021-31181
8.8 - High
- May 11, 2021
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-28453
7.8 - High
- April 13, 2021
Microsoft Word Remote Code Execution Vulnerability
Microsoft SharePoint Denial of Service Update
CVE-2021-28450
6.5 - Medium
- April 13, 2021
Microsoft SharePoint Denial of Service Update
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-27076
8.8 - High
- March 11, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-27052
6.5 - Medium
- March 11, 2021
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-24104
5.4 - Medium
- March 11, 2021
Microsoft SharePoint Spoofing Vulnerability
Improper Input Validation
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-24072
8.8 - High
- February 25, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-24071
6.5 - Medium
- February 25, 2021
Microsoft SharePoint Information Disclosure Vulnerability
Information Disclosure
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2021-24066
8.8 - High
- February 25, 2021
Microsoft SharePoint Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1726
8 - High
- February 25, 2021
Microsoft SharePoint Spoofing Vulnerability
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2021-1719
8 - High
- January 12, 2021
Microsoft SharePoint Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1712.
Improper Privilege Management
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1717
5.4 - Medium
- January 12, 2021
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-1641.
Improper Input Validation
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1716
7.8 - High
- January 12, 2021
Microsoft Word Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1715.
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1715
7.8 - High
- January 12, 2021
Microsoft Word Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1716.
Memory Corruption
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2021-1712
8 - High
- January 12, 2021
Microsoft SharePoint Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1719.
Improper Privilege Management
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-1707
8.8 - High
- January 12, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1641
5.4 - Medium
- January 12, 2021
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-1717.
Improper Input Validation
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17122
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17121
8.8 - High
- December 10, 2020
Microsoft SharePoint Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17118.
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-17120
6.5 - Medium
- December 10, 2020
Microsoft SharePoint Information Disclosure Vulnerability
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17118
9.8 - Critical
- December 10, 2020
Microsoft SharePoint Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17121.
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-17115
8 - High
- December 10, 2020
Microsoft SharePoint Spoofing Vulnerability
Improper Input Validation
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2020-17089
8 - High
- December 10, 2020
Microsoft SharePoint Elevation of Privilege Vulnerability
Improper Privilege Management
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17061
8.8 - High
- November 11, 2020
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-17060
5.4 - Medium
- November 11, 2020
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2020-17015, CVE-2020-17016.
Improper Input Validation
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-17017
6.5 - Medium
- November 11, 2020
Microsoft SharePoint Information Disclosure Vulnerability. This CVE ID is unique from CVE-2020-16979.
Information Disclosure
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-17016
8.8 - High
- November 11, 2020
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2020-17015, CVE-2020-17060.
Improper Input Validation
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-17015
6.5 - Medium
- November 11, 2020
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2020-17016, CVE-2020-17060.
Improper Input Validation
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-16979
6.5 - Medium
- November 11, 2020
Microsoft SharePoint Information Disclosure Vulnerability. This CVE ID is unique from CVE-2020-17017.
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory
CVE-2020-16953
6.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950.
Information Disclosure
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package
CVE-2020-16952
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.
Origin Validation Error
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package
CVE-2020-16951
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16952.
Origin Validation Error
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory
CVE-2020-16950
5.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953.
Information Disclosure
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory
CVE-2020-16948
6.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-16946
5.4 - Medium
- October 16, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16945.
XSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-16945
5.4 - Medium
- October 16, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16946.
XSS
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server
CVE-2020-16944
5.4 - Medium
- October 16, 2020
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.
XSS
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages
CVE-2020-16942
4.4 - Medium
- October 16, 2020
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
Information Disclosure
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages
CVE-2020-16941
5.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
Information Disclosure
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-16929
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932.
Dangling pointer
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1335
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected
CVE-2020-1595
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576.
Download of Code Without Integrity Check
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package
CVE-2020-1576
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595.
Download of Code Without Integrity Check
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data
CVE-2020-1523
4.3 - Medium
- September 11, 2020
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1514
5.4 - Medium
- September 11, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575.
XSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1482
6.1 - Medium
- September 11, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575.
XSS
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls
CVE-2020-1460
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package
CVE-2020-1453
8.6 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595.
Download of Code Without Integrity Check
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package
CVE-2020-1452
8.6 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.
Download of Code Without Integrity Check
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data
CVE-2020-1440
4.3 - Medium
- September 11, 2020
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1523.
Improper Input Validation
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1345
6.1 - Medium
- September 11, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.
XSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory
CVE-2020-1338
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218.
Code Injection
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1227
5.4 - Medium
- September 11, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.
XSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory
CVE-2020-1218
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338.
Code Injection
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package
CVE-2020-1210
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.
Download of Code Without Integrity Check
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1205
4.6 - Medium
- September 11, 2020
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
Improper Input Validation
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package
CVE-2020-1200
8.6 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.
Download of Code Without Integrity Check
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1198
6.1 - Medium
- September 11, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.
XSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1580
5.4 - Medium
- August 17, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1573.
XSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2020-1573
5.4 - Medium
- August 17, 2020
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1580.
XSS
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory
CVE-2020-1505
5.5 - Medium
- August 17, 2020
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
Information Disclosure
