- Home
- CVEs with nessus.description==The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist in the Oracle Outside In libraries. An unauthenticated, remote attacker can exploit these, via a specially crafted email, to execute arbitrary code.
(CVE-2015-6014, CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596)
- An unspecified information disclosure vulnerability exists in the Oracle Outside In libraries that allows an attacker to disclose sensitive information.
(CVE-2016-3574)
- Multiple denial of service vulnerabilities exists in the Oracle Outside In libraries. (CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3590)
- An information disclosure vulnerability exists due to improper parsing of certain unstructured file formats.
An unauthenticated, remote attacker can exploit this, via a crafted email using 'send as' rights, to disclose confidential user information. (CVE-2016-0138)
- An open redirect vulnerability exists due to improper handling of open redirect requests. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to redirect the user to a malicious website that spoofs a legitimate one.
(CVE-2016-3378)
- An elevation of privilege vulnerability exists due to improper handling of meeting invitation requests. An unauthenticated, remote attacker can exploit this, via a specially crafted Outlook meeting invitation request, to gain elevated privileges. (CVE-2016-3379)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top