Filtered by vendor Microsoft
Subscriptions
Filtered by product Exchange Server
Subscriptions
Total
236 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1876 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | ||||
| CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2025-04-03 | N/A |
| The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | ||||
| CVE-2002-0368 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." | ||||
| CVE-2005-0560 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. | ||||
| CVE-2001-0660 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). | ||||
| CVE-2001-0146 | 1 Microsoft | 2 Exchange Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | ||||
| CVE-2000-0524 | 1 Microsoft | 2 Exchange Server, Outlook | 2025-04-03 | N/A |
| Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From. | ||||
| CVE-2002-0055 | 1 Microsoft | 3 Exchange Server, Windows 2000, Windows Xp | 2025-04-03 | N/A |
| SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | ||||
| CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | ||||
| CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | ||||
| CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | ||||
| CVE-2021-31198 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 7.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2020-0903 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 5.4 Medium |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | ||||
| CVE-2023-21745 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-21762 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-21707 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-21710 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 7.2 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28310 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-32031 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.5 Medium |
| Microsoft Exchange Server Spoofing Vulnerability | ||||