All the vulnerabilites related to Microsoft Corporation - Microsoft Exchange Server
jvndb-2013-000071
Vulnerability from jvndb
Published
2013-07-17 13:56
Modified
2013-08-28 14:31
Summary
Oracle Outside In vulnerable to denial-of-service (DoS)
Details
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability.
Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html",
"dc:date": "2013-08-28T14:31+09:00",
"dcterms:issued": "2013-07-17T13:56+09:00",
"dcterms:modified": "2013-08-28T14:31+09:00",
"description": "Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability.\r\n\r\nTakahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html",
"sec:cpe": [
{
"#text": "cpe:/a:ibm:websphere_portal",
"@product": "IBM WebSphere Portal",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:microsoft:exchange_server",
"@product": "Microsoft Exchange Server",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000071",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN68663052/index.html",
"@id": "JVN#68663052",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/cert/JVNTA13-225A/index.html",
"@id": "JVNTA13-225A",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3776",
"@id": "CVE-2013-3776",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3776",
"@id": "CVE-2013-3776",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130814-ms.html",
"@id": "Security Updates Available for Microsoft (August 2013)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.jpcert.or.jp/at/2013/at130035.html",
"@id": "JPCERT-AT-2013-0035",
"@source": "JPCERT-WR"
},
{
"#text": "http://www.npa.go.jp/cyberpolice/topics/?seq=12042",
"@id": "Microsoft Security Bulletin for August 2013",
"@source": "AT-POLICE"
},
{
"#text": "http://www.us-cert.gov/ncas/alerts/TA13-225A",
"@id": "TA13-225",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Oracle Outside In vulnerable to denial-of-service (DoS)"
}
jvndb-2013-000070
Vulnerability from jvndb
Published
2013-07-17 13:45
Modified
2014-02-24 16:38
Summary
Oracle Outside In vulnerable to buffer overflow
Details
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability.
Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000070.html",
"dc:date": "2014-02-24T16:38+09:00",
"dcterms:issued": "2013-07-17T13:45+09:00",
"dcterms:modified": "2014-02-24T16:38+09:00",
"description": "Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability.\r\n\r\nTakahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000070.html",
"sec:cpe": [
{
"#text": "cpe:/a:ibm:websphere_portal",
"@product": "IBM WebSphere Portal",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:microsoft:exchange_server",
"@product": "Microsoft Exchange Server",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:oracle:fusion_middleware",
"@product": "Oracle Fusion Middleware",
"@vendor": "Oracle Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000070",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07497769/index.html",
"@id": "JVN#07497769",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/cert/JVNTA13-225A/index.html",
"@id": "JVNTA13-225A",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3781",
"@id": "CVE-2013-3781",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3781",
"@id": "CVE-2013-3781",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130717-jvn.html",
"@id": "Security Updates Available for Oracle Outside In (JVN#07497769)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130814-ms.html",
"@id": "Security Updates Available for Microsoft (August 2013) ",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.jpcert.or.jp/at/2013/at130035.html",
"@id": "JPCERT-AT-2013-0035",
"@source": "JPCERT-WR"
},
{
"#text": "http://www.npa.go.jp/cyberpolice/topics/?seq=12042",
"@id": "Microsoft Security Bulletin for August 2013",
"@source": "AT-POLICE"
},
{
"#text": "http://www.us-cert.gov/ncas/alerts/TA13-225A",
"@id": "TA13-225",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Oracle Outside In vulnerable to buffer overflow"
}
cve-2017-11761
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 03:02
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039320 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100731 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Exchange Server |
Version: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
},
{
"name": "1039320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039320"
},
{
"name": "100731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Exchange Server",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka \"Microsoft Exchange Information Disclosure Vulnerability\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
},
{
"name": "1039320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039320"
},
{
"name": "100731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-11761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka \"Microsoft Exchange Information Disclosure Vulnerability\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
},
{
"name": "1039320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039320"
},
{
"name": "100731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11761",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T03:02:51.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11932
Vulnerability from cvelistv5
Published
2017-12-12 21:00
Modified
2024-09-17 04:29
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039996 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102060 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Exchange Server |
Version: Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:15.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
},
{
"name": "1039996",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039996"
},
{
"name": "102060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Exchange Server",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
},
{
"name": "1039996",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039996"
},
{
"name": "102060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-11932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
},
{
"name": "1039996",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039996"
},
{
"name": "102060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11932",
"datePublished": "2017-12-12T21:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T04:29:17.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}