Filtered by product Outlook
Subscribe
Total
256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8524 | 1 Microsoft | 4 Office, Office 365 Proplus, Outlook and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582. | |||||
| CVE-2019-9565 | 1 Druide | 1 Antidote | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name. | |||||
| CVE-2018-16793 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH |
| Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | |||||
| CVE-2018-8522 | 1 Microsoft | 4 Office, Office 365 Proplus, Outlook and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582. | |||||
| CVE-2018-8579 | 1 Microsoft | 2 Office, Office 365 Proplus | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558. | |||||
| CVE-2018-0850 | 1 Microsoft | 2 Office, Outlook | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". | |||||
| CVE-2018-8153 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2018-0852 | 1 Microsoft | 2 Office, Outlook | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851. | |||||
| CVE-2015-7962 | 1 Gemalto | 1 Safenet Authentication Service For Outlook Web App Agent | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2018-8150 | 1 Microsoft | 1 Office | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office. | |||||
| CVE-2018-8152 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2018-8244 | 1 Microsoft | 3 Office, Outlook, Outlook Rt | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook. | |||||
| CVE-2018-8159 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2018-8160 | 1 Microsoft | 4 Office, Office Compatibility Pack, Sharepoint Server and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. | |||||
| CVE-2018-0940 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability". | |||||
| CVE-2017-8559 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | |||||
| CVE-2018-0793 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791. | |||||
| CVE-2017-8571 | 1 Microsoft | 1 Outlook | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". | |||||
| CVE-2017-11774 | 1 Microsoft | 1 Outlook | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | |||||
| CVE-2018-2574 | 1 Oracle | 1 Siebel Customer Relationship Management Desktop | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Desktop accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||