Search
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1502 | 1 Microsoft | 4 365 Apps, Office, Office Online Server and 1 more | 2024-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.</p> | |||||
| CVE-2020-1503 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2024-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.</p> | |||||
| CVE-2020-1224 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p> | |||||
| CVE-2020-17126 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2021-28456 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-12-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2021-34451 | 1 Microsoft | 1 Office Online Server | 2023-12-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Microsoft Office Online Server Spoofing Vulnerability | |||||
| CVE-2022-30159 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2023-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172. | |||||
| CVE-2022-30172 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2023-12-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability | |||||
| CVE-2022-30171 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2023-12-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability | |||||
| CVE-2022-22716 | 1 Microsoft | 7 365 Apps, Excel, Office and 4 more | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2021-31178 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-08-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability | |||||
| CVE-2021-31174 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2021-40472 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2020-1445 | 1 Microsoft | 6 365 Apps, Office, Office Online Server and 3 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342. | |||||
| CVE-2020-0695 | 1 Microsoft | 1 Office Online Server | 2021-07-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'. | |||||
| CVE-2020-1342 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445. | |||||
| CVE-2020-0647 | 1 Microsoft | 1 Office Online Server | 2021-07-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | |||||
| CVE-2019-1447 | 1 Microsoft | 1 Office Online Server | 2020-08-24 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445. | |||||
| CVE-2019-1445 | 1 Microsoft | 1 Office Online Server | 2020-08-24 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447. | |||||
| CVE-2020-1442 | 1 Microsoft | 2 Office Online Server, Office Web Apps | 2020-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. | |||||
| CVE-2019-1446 | 1 Microsoft | 7 Excel, Excel Services, Office and 4 more | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2018-8247 | 1 Microsoft | 2 Office Online Server, Office Web Apps | 2019-10-03 | 5.8 MEDIUM | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245. | |||||
| CVE-2017-0195 | 1 Microsoft | 5 Excel Web App, Office Online Server, Office Web Apps and 2 more | 2017-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." | |||||