Office Security Vulnerabilities

CVE-2023-32755

e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted...

CVE-2023-32119

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0...

CVE-2023-36897

Visual Studio Tools for Office Runtime Spoofing...

CVE-2023-36893

Microsoft Outlook Spoofing...

CVE-2023-36896

Microsoft Excel Remote Code Execution...

CVE-2023-36895

Microsoft Outlook Remote Code Execution...

CVE-2023-36865

Microsoft Office Visio Remote Code Execution...

CVE-2023-36866

Microsoft Office Visio Remote Code Execution...

CVE-2023-35371

Microsoft Office Remote Code Execution...

CVE-2023-35372

Microsoft Office Visio Remote Code Execution...

CVE-2023-34798

An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted...

CVE-2023-35311

Microsoft Outlook Security Feature Bypass...

CVE-2023-33162

Microsoft Excel Information Disclosure...

CVE-2023-33161

Microsoft Excel Remote Code Execution...

CVE-2023-33158

Microsoft Excel Remote Code Execution...

CVE-2023-33150

Microsoft Office Security Feature Bypass...

CVE-2023-33148

Microsoft Office Elevation of Privilege...

CVE-2023-33152

Microsoft ActiveX Remote Code Execution...

CVE-2023-33149

Microsoft Office Graphics Remote Code Execution...

CVE-2023-33153

Microsoft Outlook Remote Code Execution...

CVE-2023-33151

Microsoft Outlook Spoofing...

CVE-2023-28295

Microsoft Publisher Remote Code Execution...

CVE-2023-28287

Microsoft Publisher Remote Code Execution...

CVE-2023-33131

Microsoft Outlook Remote Code Execution...

CVE-2023-33146

Microsoft Office Remote Code Execution...

CVE-2023-33137

Microsoft Excel Remote Code Execution...

CVE-2023-33133

Microsoft Excel Remote Code Execution...

CVE-2023-32029

Microsoft Excel Remote Code Execution...

CVE-2023-32548

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is...

CVE-2023-29344

Microsoft Office Remote Code Execution...

CVE-2023-3035

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attack....

CVE-2023-3029

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated...

CVE-2022-35742

Microsoft Outlook Denial of Service...

CVE-2022-4418

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build...

CVE-2023-0858

Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and...

CVE-2023-0859

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(). :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C...

CVE-2023-0856

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF740C...

CVE-2023-0855

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF740C...

CVE-2023-0854

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C...

CVE-2023-0857

Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers() may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera...

CVE-2023-0852

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C...

CVE-2023-0853

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C...

CVE-2023-0851

Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF740C...

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

CVE-2023-29335

Microsoft Word Security Feature Bypass...

CVE-2023-24953

Microsoft Excel Remote Code Execution...

CVE-2023-29333

Microsoft Access Denial of Service...

CVE-2023-2523

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched...

CVE-2023-28311

Microsoft Word Remote Code Execution...