Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-2694

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Oct, 2007 | 20:00
Updated At-08 Aug, 2024 | 01:36
Rejected At-
Credits

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Oct, 2007 | 20:00
Updated At:08 Aug, 2024 | 01:36
Rejected At:
â–¼CVE Numbering Authority (CNA)

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=108448627120764&w=2
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/11607
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/6121
vdb-entry
x_refsource_OSVDB
Hyperlink: http://marc.info/?l=bugtraq&m=108448627120764&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/11607
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/6121
Resource:
vdb-entry
x_refsource_OSVDB
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=108448627120764&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/11607
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/6121
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=108448627120764&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/11607
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/6121
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Dec, 2004 | 05:00
Updated At:03 Apr, 2025 | 01:03

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
Microsoft Corporation
microsoft
>>outlook_express>>6.0
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=108448627120764&w=2cve@mitre.org
N/A
http://secunia.com/advisories/11607cve@mitre.org
Vendor Advisory
http://www.osvdb.org/6121cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=108448627120764&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/11607af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/6121af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=108448627120764&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/11607
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/6121
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=108448627120764&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/11607
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/6121
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

85Records found
CVE-2018-0803
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.2||MEDIUM
EPSS-3.66% / 87.60%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_10Microsoft Edge
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-3105
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.44% / 62.55%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-robohelpwindowsAdobe RoboHelp RH2017.0.1 and earlier versions
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-0154
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.99% / 76.46%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_10windows_server_2016Internet Explorer
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2016-8961
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-34469
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.83% / 74.18%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Security Feature Bypass Vulnerability

Microsoft Office Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2013 Service Pack 1Microsoft Office 2016Microsoft Office 2019
CVE-2021-34492
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.80% / 82.44%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Certificate Spoofing Vulnerability

Windows Certificate Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2020-17063
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.44% / 80.43%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Online Spoofing Vulnerability

Microsoft Office Online Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019
CVE-2020-17060
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.89% / 75.12%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2013 Service Pack 1
CVE-2020-17153
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.59% / 68.68%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge for Android
CVE-2016-6154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.56%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 21:06
Updated-06 Aug, 2024 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).

Action-Not Available
Vendor-n/aWatchGuard Technologies, Inc.Microsoft Corporation
Product-windowsfirewaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-1220
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008edgeMicrosoft Edge (Chromium-based) in IE Mode on Windows Server 2012Microsoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1903 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1709 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 8.1 for x64-based systemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 7 for x64-based Systems Service Pack 1Microsoft Edge (Chromium-based) in IE Mode on Windows 8.1 for 32-bit systemsMicrosoft Edge (Chromium-based) in IE Mode on Windows Server 2019Microsoft Edge (Chromium-based) in IE Mode on Windows 10 Version 2004 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 2004 for ARM64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1803 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1903 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1909 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1709 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1607 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1709 for ARM64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1809 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows Server 2016Microsoft Edge (Chromium-based) in IE Mode on Windows 10 Version 2004 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1803 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 for x64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1607 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft Edge (Chromium-based) in IE Mode on Windows 7 for 32-bit Systems Service Pack 1Microsoft Edge (Chromium-based) in IE Mode on Windows RT 8.1Microsoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1809 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1803 for ARM64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1909 for 32-bit SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows Server 2012 R2Microsoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1909 for ARM64-based SystemsMicrosoft Edge (Chromium-based) in IE Mode on Windows 10 Version 1809 for ARM64-based Systems
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-2732
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-32.26% / 96.72%
||
7 Day CHG~0.00%
Published-10 Nov, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-forefront_unified_access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1447
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.79% / 73.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverOffice Online Server
CWE ID-CWE-346
Origin Validation Error
CVE-2019-1445
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.79% / 73.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverOffice Online Server
CWE ID-CWE-346
Origin Validation Error
CVE-2019-1486
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.15%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:41
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_live_sharevisual_studio_2019Microsoft Visual Studio Live Share extensionMicrosoft Visual Studio 2019Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-1409
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.86% / 74.64%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CVE-2019-1075
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 61.20%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_coreASP.NET Core
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-0670
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 61.44%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0817
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.70% / 81.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016Microsoft Exchange ServerMicrosoft Exchange Server 2019Microsoft Exchange Server 2013
CWE ID-CWE-19
Not Available
CVE-2019-0686
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-3.23% / 86.77%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2010Microsoft Exchange Server 2013Microsoft Exchange Server 2016Microsoft Exchange Server 2019
CVE-2018-8152
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-2.38% / 84.67%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8448
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.35% / 79.77%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8581
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-91.50% / 99.65%
||
7 Day CHG-0.00%
Published-14 Nov, 2018 | 01:00
Updated-28 Oct, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange ServerExchange Server
CVE-2018-8567
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.24% / 78.90%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_serverwindows_10Microsoft Edge
CVE-2018-8512
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.67% / 81.79%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Edge
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8153
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.47% / 80.60%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-8159
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-2.38% / 84.67%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8247
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.87% / 82.77%
||
7 Day CHG-1.06%
Published-14 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serveroffice_web_appsMicrosoft OfficeMicrosoft Office Online Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8278
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.64% / 70.15%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10edgeMicrosoft Edge
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2013-1299
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-17.84% / 94.96%
||
7 Day CHG~0.00%
Published-29 Mar, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-modern_mailwindows_server_2012windows_rtwindows_8n/a
CVE-2009-2069
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.95% / 86.13%
||
7 Day CHG~0.00%
Published-15 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2057
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-11.95% / 93.59%
||
7 Day CHG~0.00%
Published-15 Jun, 2009 | 19:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-1244
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-6.89% / 91.18%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-1730
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-2.01% / 83.39%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerability.</p> <p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 7
CVE-2021-1629
Matching Score-8
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-8
Assigner-Salesforce, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-26 Mar, 2021 | 16:20
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.

Action-Not Available
Vendor-tableaun/aLinux Kernel Organization, IncMicrosoft Corporation
Product-windowstableau_serverlinux_kernelTableau
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • Next
Details not found