Office Online Server Security Vulnerabilities and Issues — Page 2 of Office Online Server CVE List

Lucene search

MicrosoftOffice Online Server

140 matches found

CVE•added 2020/12/10 12:15 a.m.•126 views

CVE-2020-17125

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.06001EPSS

CVE•added 2025/01/14 6:16 p.m.•126 views

CVE-2025-21362

Microsoft Excel Remote Code Execution Vulnerability

8.4CVSS7.8AI score0.00415EPSS

CVE•added 2019/06/12 2:29 p.m.•121 views

CVE-2019-1035

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the fi...

9.3CVSS7.6AI score0.13047EPSS

CVE•added 2020/08/17 7:15 p.m.•121 views

CVE-2020-1495

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administ...

9.3CVSS8.7AI score0.15901EPSS

CVE•added 2020/03/12 4:15 p.m.•120 views

CVE-2020-0852

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892.

9.3CVSS8AI score0.33652EPSS

CVE•added 2021/04/13 8:15 p.m.•120 views

CVE-2021-28454

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.03974EPSS

CVE•added 2021/05/11 7:15 p.m.•120 views

CVE-2021-31174

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00503EPSS

CVE•added 2019/05/16 7:29 p.m.•119 views

CVE-2019-0953

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3CVSS7.9AI score0.25636EPSS

CVE•added 2021/01/12 8:15 p.m.•119 views

CVE-2021-1713

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.02899EPSS

CVE•added 2017/09/13 1:29 a.m.•118 views

CVE-2017-8631

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility...

9.3CVSS7.6AI score0.27499EPSS

CVE•added 2020/04/15 3:15 p.m.•118 views

CVE-2020-0980

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3CVSS8.3AI score0.33652EPSS

CVE•added 2021/04/13 8:15 p.m.•116 views

CVE-2021-28451

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.04005EPSS

CVE•added 2021/10/13 1:15 a.m.•116 views

CVE-2021-40472

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.9AI score0.00461EPSS

CVE•added 2022/11/09 10:15 p.m.•116 views

CVE-2022-41061

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00249EPSS

CVE•added 2021/10/13 1:15 a.m.•115 views

CVE-2021-40485

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.00865EPSS

CVE•added 2024/05/14 5:17 p.m.•114 views

CVE-2024-30042

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7AI score0.00388EPSS

CVE•added 2020/07/14 11:15 p.m.•113 views

CVE-2020-1342

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.

5.5CVSS6AI score0.28299EPSS

CVE•added 2021/06/08 11:15 p.m.•111 views

CVE-2021-31939

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.04196EPSS

CVE•added 2020/03/12 4:15 p.m.•110 views

CVE-2020-0892

9.3CVSS8AI score0.33652EPSS

CVE•added 2020/08/17 7:15 p.m.•110 views

CVE-2020-1503

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...

5.5CVSS6.3AI score0.25763EPSS

CVE•added 2021/01/12 8:15 p.m.•110 views

CVE-2021-1716

Microsoft Word Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.03413EPSS

CVE•added 2018/01/10 1:29 a.m.•109 views

CVE-2018-0792

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.

9.3CVSS8.8AI score0.60791EPSS

CVE•added 2022/06/15 10:15 p.m.•109 views

CVE-2022-30171

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6.2AI score0.04622EPSS

CVE•added 2022/11/09 10:15 p.m.•109 views

CVE-2022-41106

Microsoft Excel Remote Code Execution Vulnerability

8.8CVSS8.2AI score0.03241EPSS

CVE•added 2020/09/11 5:15 p.m.•107 views

CVE-2020-1224

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a spec...

5.5CVSS5.9AI score0.21879EPSS

CVE•added 2021/04/13 8:15 p.m.•107 views

CVE-2021-28456

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.9AI score0.04162EPSS

CVE•added 2019/10/10 2:15 p.m.•106 views

CVE-2019-1331

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.

9.3CVSS8.8AI score0.37247EPSS

CVE•added 2020/12/10 12:15 a.m.•103 views

CVE-2020-17126

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.6AI score0.00456EPSS

CVE•added 2017/06/15 1:29 a.m.•102 views

CVE-2017-8511

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2020/09/11 5:15 p.m.•102 views

CVE-2020-1218

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

8.8CVSS7.7AI score0.07867EPSS

CVE•added 2020/07/14 11:15 p.m.•102 views

CVE-2020-1447

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2022/11/09 10:15 p.m.•102 views

CVE-2022-41063

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00435EPSS

CVE•added 2022/11/09 10:15 p.m.•102 views

CVE-2022-41103

Microsoft Word Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00285EPSS

CVE•added 2020/02/11 10:15 p.m.•100 views

CVE-2020-0695

A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.

5.8CVSS6AI score0.00583EPSS

CVE•added 2020/09/11 5:15 p.m.•100 views

CVE-2020-1335

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with admin...

8.8CVSS7.8AI score0.07867EPSS

CVE•added 2020/08/17 7:15 p.m.•100 views

CVE-2020-1502

5.5CVSS6.3AI score0.22521EPSS

CVE•added 2019/06/12 2:29 p.m.•99 views

CVE-2019-1034

9.3CVSS7.6AI score0.12927EPSS

CVE•added 2021/12/15 3:15 p.m.•99 views

CVE-2021-43256

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00768EPSS

CVE•added 2020/07/14 11:15 p.m.•97 views

CVE-2020-1448

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2020/09/11 5:15 p.m.•96 views

CVE-2020-1338

8.8CVSS7.7AI score0.07867EPSS

CVE•added 2017/04/12 2:59 p.m.•94 views

CVE-2017-0195

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user ...

5.4CVSS5.2AI score0.01103EPSS

CVE•added 2019/11/12 7:15 p.m.•94 views

CVE-2019-1446

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5CVSS5.6AI score0.08477EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1445

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

5.5CVSS6.1AI score0.28299EPSS

CVE•added 2025/02/11 6:15 p.m.•94 views

CVE-2025-21387

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00168EPSS

CVE•added 2021/03/11 4:15 p.m.•93 views

CVE-2021-27057

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.04203EPSS

CVE•added 2021/03/11 4:15 p.m.•92 views

CVE-2021-27053

Microsoft Excel Remote Code Execution Vulnerability