Sharepoint Server Microsoft Sharepoint Server

  1. Vendors
  2. Microsoft
  3. Sharepoint Server
Do you want an email whenever new security vulnerabilities are reported in Microsoft Sharepoint Server?

Recent Microsoft Sharepoint Server Security Advisories

Advisory Title Published
CVE-2021-40487 Microsoft SharePoint Server Remote Code Execution Vulnerability October 12, 2021
CVE-2021-40484 Microsoft SharePoint Server Spoofing Vulnerability October 12, 2021
CVE-2021-40482 Microsoft SharePoint Server Information Disclosure Vulnerability October 12, 2021
CVE-2021-40483 Microsoft SharePoint Server Spoofing Vulnerability October 12, 2021
CVE-2021-41344 Microsoft SharePoint Server Remote Code Execution Vulnerability October 12, 2021
CVE-2021-38651 Microsoft SharePoint Server Spoofing Vulnerability September 14, 2021
CVE-2021-38652 Microsoft SharePoint Server Spoofing Vulnerability September 14, 2021
CVE-2021-36940 Microsoft SharePoint Server Spoofing Vulnerability August 10, 2021
CVE-2021-34520 Microsoft SharePoint Server Remote Code Execution Vulnerability July 13, 2021
CVE-2021-34519 Microsoft SharePoint Server Information Disclosure Vulnerability July 13, 2021

@sharepoint Tweets

Sync the files in your #Microsoft 365 or Microsoft #SharePoint site libraries, so they’re always available on your… https://t.co/T3S5itdjna
Sat Oct 23 20:15:01 +0000 2021

Depending on the content you want to make available in the global navigation, you can configure your #SharePoint ho… https://t.co/NLk4Qo56wJ
Sat Oct 23 17:15:05 +0000 2021

#TheIntrazone ��️ "From paper to auto-classified documents" @GabrielKarawani [Co-Founder @ClearPeople], "… https://t.co/QjOc5bfrmC
Fri Oct 22 19:27:05 +0000 2021

#SharePoint site templates are flexible enough to address a variety of needs, make it easy to create and populate s… https://t.co/S56CXnRPWw
Fri Oct 22 19:07:02 +0000 2021

Custom #MicrosoftList Templates are a great way to extend the value of one solution to others with similar needs by… https://t.co/EWhYTJbRH4
Fri Oct 22 17:15:01 +0000 2021

By the Year

In 2021 there have been 43 vulnerabilities in Microsoft Sharepoint Server with an average score of 7.1 out of ten. Last year Sharepoint Server had 113 security vulnerabilities published. Right now, Sharepoint Server is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.40.

Year Vulnerabilities Average Score
2021 43 7.11
2020 113 6.71
2019 33 6.77
2018 25 6.46

It may take a day or so for new Sharepoint Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Sharepoint Server Security Vulnerabilities

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-40487 8.8 - High - October 13, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41344.

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-40486 7.8 - High - October 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-40484 3.5 - Low - October 13, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483.

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-40483 3.5 - Low - October 13, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40484.

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-40482 7.5 - High - October 13, 2021

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-41344 8.8 - High - October 13, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40487.

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-38651 3.5 - Low - September 15, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38652.

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-36940 4.3 - Medium - August 12, 2021

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-34467 8.8 - High - July 16, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34468, CVE-2021-34520.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-34468 8 - High - July 14, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34520.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-34520 8.8 - High - July 14, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34468.

Marshaling, Unmarshaling

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-34519 3.5 - Low - July 14, 2021

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-34517 5.3 - Medium - July 14, 2021

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-26420 8.8 - High - June 08, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-31966 7.2 - High - June 08, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31963.

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-31965 6.5 - Medium - June 08, 2021

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-31964 8.1 - High - June 08, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-31963 8.8 - High - June 08, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31966.

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-31950 8.1 - High - June 08, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964.

XSPA

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-31948 8.1 - High - June 08, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31950, CVE-2021-31964.

Improper Input Validation

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2021-31181 8.8 - High - May 11, 2021

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

CVE-2021-31171 4.4 - Medium - May 11, 2021

Microsoft SharePoint Information Disclosure Vulnerability

Information Disclosure

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-28474 8.8 - High - May 11, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability

Command Injection

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-31173 6.5 - Medium - May 11, 2021

Microsoft SharePoint Server Information Disclosure Vulnerability

Information Disclosure

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-31172 7.1 - High - May 11, 2021

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-28478.

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-28478 7.1 - High - May 11, 2021

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-31172.

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-26418 7.1 - High - May 11, 2021

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021-31172.

AuthZ

Microsoft SharePoint Denial of Service Update

CVE-2021-28450 6.5 - Medium - April 13, 2021

Microsoft SharePoint Denial of Service Update

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-28453 7.8 - High - April 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-24104 5.4 - Medium - March 11, 2021

Microsoft SharePoint Spoofing Vulnerability

Improper Input Validation

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-27052 6.5 - Medium - March 11, 2021

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-27076 8.8 - High - March 11, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-1726 8 - High - February 25, 2021

Microsoft SharePoint Spoofing Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2021-24066 8.8 - High - February 25, 2021

Microsoft SharePoint Remote Code Execution Vulnerability

Marshaling, Unmarshaling

Microsoft SharePoint Information Disclosure Vulnerability

CVE-2021-24071 6.5 - Medium - February 25, 2021

Microsoft SharePoint Information Disclosure Vulnerability

Information Disclosure

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-24072 8.8 - High - February 25, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-1641 5.4 - Medium - January 12, 2021

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1717.

Improper Input Validation

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-1707 8.8 - High - January 12, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Elevation of Privilege Vulnerability

CVE-2021-1712 8 - High - January 12, 2021

Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1719.

Improper Privilege Management

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-1715 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1716.

Memory Corruption

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-1716 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715.

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-1717 5.4 - Medium - January 12, 2021

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1641.

Improper Input Validation

Microsoft SharePoint Elevation of Privilege Vulnerability

CVE-2021-1719 8 - High - January 12, 2021

Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1712.

Improper Privilege Management

Microsoft SharePoint Elevation of Privilege Vulnerability

CVE-2020-17089 8 - High - December 10, 2020

Microsoft SharePoint Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft SharePoint Spoofing Vulnerability

CVE-2020-17115 8 - High - December 10, 2020

Microsoft SharePoint Spoofing Vulnerability

Improper Input Validation

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2020-17118 9.8 - Critical - December 10, 2020

Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17121.

Microsoft SharePoint Information Disclosure Vulnerability

CVE-2020-17120 6.5 - Medium - December 10, 2020

Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2020-17121 8.8 - High - December 10, 2020

Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17118.

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17122 7.8 - High - December 10, 2020

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.

Microsoft SharePoint Information Disclosure Vulnerability

CVE-2020-16979 6.5 - Medium - November 11, 2020

Microsoft SharePoint Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17017.

Microsoft SharePoint Spoofing Vulnerability

CVE-2020-17015 6.5 - Medium - November 11, 2020

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17016, CVE-2020-17060.

Improper Input Validation

Microsoft SharePoint Spoofing Vulnerability

CVE-2020-17016 8.8 - High - November 11, 2020

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17015, CVE-2020-17060.

Improper Input Validation

Microsoft SharePoint Information Disclosure Vulnerability

CVE-2020-17017 6.5 - Medium - November 11, 2020

Microsoft SharePoint Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16979.

Information Disclosure

Microsoft SharePoint Spoofing Vulnerability

CVE-2020-17060 5.4 - Medium - November 11, 2020

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17015, CVE-2020-17016.

Improper Input Validation

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2020-17061 8.8 - High - November 11, 2020

Microsoft SharePoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16929 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932.

Dangling pointer

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages

CVE-2020-16941 5.5 - Medium - October 16, 2020

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.

Information Disclosure

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages

CVE-2020-16942 4.4 - Medium - October 16, 2020

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.

Information Disclosure

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server

CVE-2020-16944 5.4 - Medium - October 16, 2020

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-16945 5.4 - Medium - October 16, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16946.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-16946 5.4 - Medium - October 16, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16945.

XSS

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory

CVE-2020-16948 6.5 - Medium - October 16, 2020

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953.

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory

CVE-2020-16950 5.5 - Medium - October 16, 2020

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953.

Information Disclosure

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-16951 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16952.

Origin Validation Error

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-16952 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.

Origin Validation Error

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory

CVE-2020-16953 6.5 - Medium - October 16, 2020

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950.

Information Disclosure

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1198 6.1 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.

XSS

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1200 8.6 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.

Download of Code Without Integrity Check

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1205 4.6 - Medium - September 11, 2020

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1210 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory

CVE-2020-1218 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338.

Code Injection

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1227 5.4 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.

XSS

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1335 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594.

Buffer Overflow

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory

CVE-2020-1338 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218.

Code Injection

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1345 6.1 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.

XSS

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data

CVE-2020-1440 4.3 - Medium - September 11, 2020

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1523.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1452 8.6 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1453 8.6 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls

CVE-2020-1460 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1482 6.1 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1514 5.4 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575.

XSS

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data

CVE-2020-1523 4.3 - Medium - September 11, 2020

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440.

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1576 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected

CVE-2020-1595 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1495 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1496, CVE-2020-1498, CVE-2020-1504.

Buffer Overflow

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1499 5.4 - Medium - August 17, 2020

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1500, CVE-2020-1501.

Improper Input Validation

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1500 5.4 - Medium - August 17, 2020

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1499, CVE-2020-1501.

Improper Input Validation

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1501 5.4 - Medium - August 17, 2020

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1499, CVE-2020-1500.

Improper Input Validation

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory

CVE-2020-1502 5.5 - Medium - August 17, 2020

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1503, CVE-2020-1583.

Information Disclosure

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory

CVE-2020-1503 5.5 - Medium - August 17, 2020

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1583.

Information Disclosure

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory

CVE-2020-1505 5.5 - Medium - August 17, 2020

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

Information Disclosure

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1573 5.4 - Medium - August 17, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1580.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1580 5.4 - Medium - August 17, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1573.

XSS

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory

CVE-2020-1583 5.5 - Medium - August 17, 2020

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1503.

Information Disclosure

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation

CVE-2020-1025 9.8 - Critical - July 14, 2020

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.

Improper Privilege Management

A remote code execution vulnerability exists in .NET Framework

CVE-2020-1147 7.8 - High - July 14, 2020

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable

CVE-2020-1342 5.5 - Medium - July 14, 2020

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.

Use of Uninitialized Resource

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input

CVE-2020-1439 8.8 - High - July 14, 2020

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

Marshaling, Unmarshaling

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1443 5.4 - Medium - July 14, 2020

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

Injection

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages

CVE-2020-1444 4.3 - Medium - July 14, 2020

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Sharepoint Server or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Sharepoint Server
Product

subscribe