Office Security Vulnerabilities

CVE-2022-41043

Microsoft Office Information Disclosure...

CVE-2022-38049

Microsoft Office Graphics Remote Code Execution...

CVE-2022-38001

Microsoft Office Spoofing...

CVE-2022-33896

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a...

CVE-2022-37963

Microsoft Office Visio Remote Code Execution...

CVE-2022-37962

Microsoft PowerPoint Remote Code Execution...

CVE-2022-38010

Microsoft Office Visio Remote Code Execution...

CVE-2021-25657

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier...

CVE-2022-32583

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified...

CVE-2022-33151

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified...

CVE-2022-29487

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified...

CVE-2022-28715

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified...

CVE-2022-32453

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified...

CVE-2022-30693

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified...

CVE-2022-32544

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified...

CVE-2022-30604

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified...

CVE-2022-29891

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified...

CVE-2022-32283

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified...

CVE-2022-33311

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified...

CVE-2022-25986

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of...

CVE-2022-33631

Microsoft Excel Security Feature Bypass...

CVE-2022-33648

Microsoft Excel Remote Code Execution...

CVE-2022-34717

Microsoft Office Remote Code Execution...

CVE-2022-33632

Microsoft Office Security Feature Bypass...

CVE-2022-30173

Microsoft Excel Remote Code Execution...

CVE-2022-30159

Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171,...

CVE-2022-30171

Microsoft Office Information Disclosure...

CVE-2022-30172

Microsoft Office Information Disclosure...

CVE-2022-30174

Microsoft Office Remote Code Execution...

CVE-2021-40399

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger...

CVE-2022-29110

Microsoft Excel Remote Code Execution...

CVE-2022-26934

Windows Graphics Component Information Disclosure...

CVE-2022-29109

Microsoft Excel Remote Code Execution...

CVE-2022-29107

Microsoft Office Security Feature Bypass...

CVE-2022-26901

Microsoft Excel Remote Code Execution...

CVE-2022-24473

Microsoft Excel Remote Code Execution...

CVE-2022-25969

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the...

CVE-2022-26081

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the...

CVE-2022-24461

Microsoft Office Visio Remote Code Execution...

CVE-2022-24511

Microsoft Office Word Tampering...

CVE-2022-24510

Microsoft Office Visio Remote Code Execution...

CVE-2022-24462

Microsoft Word Security Feature Bypass...

CVE-2022-24509

Microsoft Office Visio Remote Code Execution...

CVE-2022-25943

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is...

CVE-2022-22003

Microsoft Office Graphics Remote Code Execution...

CVE-2022-23252

Microsoft Office Information Disclosure...

CVE-2022-22004

Microsoft Office ClickToRun Remote Code Execution...

CVE-2022-21988

Microsoft Office Visio Remote Code Execution...

CVE-2022-22716

Microsoft Excel Information Disclosure...

CVE-2021-20877

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series...