Office Online Server Security Vulnerabilities and Issues — Page 3 of Office Online Server CVE List

Lucene search

MicrosoftOffice Online Server

140 matches found

CVE•added 2016/09/14 10:59 a.m.•88 views

CVE-2016-3358

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 S...

9.3CVSS7.7AI score0.28595EPSS

CVE•added 2017/09/13 1:29 a.m.•88 views

CVE-2017-8743

A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.

9.3CVSS7.8AI score0.32412EPSS

CVE•added 2019/11/12 7:15 p.m.•87 views

CVE-2019-1445

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.

5.8CVSS5.5AI score0.00583EPSS

CVE•added 2021/02/25 11:15 p.m.•87 views

CVE-2021-24069

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.01129EPSS

CVE•added 2025/01/14 6:16 p.m.•87 views

CVE-2025-21354

Microsoft Excel Remote Code Execution Vulnerability

8.4CVSS7.8AI score0.00315EPSS

CVE•added 2021/02/25 11:15 p.m.•86 views

CVE-2021-24070

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.02597EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.4AI score0.001EPSS

CVE•added 2022/06/15 10:15 p.m.•84 views

CVE-2022-30159

Microsoft Office Information Disclosure Vulnerability

5.5CVSS5.7AI score0.02947EPSS

CVE•added 2025/03/11 5:16 p.m.•84 views

CVE-2025-24081

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00158EPSS

CVE•added 2017/06/15 1:29 a.m.•82 views

CVE-2017-8512

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2023/07/11 6:15 p.m.•82 views

CVE-2023-33162

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.00499EPSS

CVE•added 2024/09/10 5:15 p.m.•81 views

CVE-2024-43465

Microsoft Excel Elevation of Privilege Vulnerability

7.8CVSS7.6AI score0.00634EPSS

CVE•added 2021/03/11 4:15 p.m.•80 views

CVE-2021-27054

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.0356EPSS

CVE•added 2016/07/13 1:59 a.m.•77 views

CVE-2016-3282

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Shar...

9.3CVSS7.6AI score0.41944EPSS

CVE•added 2017/07/11 9:29 p.m.•77 views

CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

9.3CVSS7.8AI score0.29765EPSS

CVE•added 2019/11/12 7:15 p.m.•76 views

CVE-2019-1447

5.8CVSS5.5AI score0.00583EPSS

CVE•added 2018/03/14 5:29 p.m.•72 views

CVE-2018-0919

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint...

4.3CVSS4.9AI score0.06725EPSS

CVE•added 2025/03/11 5:16 p.m.•71 views

CVE-2025-24082

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.6AI score0.00158EPSS

CVE•added 2025/04/08 6:16 p.m.•71 views

CVE-2025-27746

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00079EPSS

CVE•added 2016/09/14 10:59 a.m.•70 views

CVE-2016-3362

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Onlin...

9.3CVSS7.6AI score0.21695EPSS

CVE•added 2020/07/14 11:15 p.m.•70 views

CVE-2020-1442

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.

6.1CVSS6.2AI score0.00607EPSS

CVE•added 2018/03/14 5:29 p.m.•68 views

CVE-2018-0922

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013...

9.3CVSS7.8AI score0.19242EPSS

CVE•added 2025/02/11 6:15 p.m.•67 views

CVE-2025-21394

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00131EPSS

CVE•added 2025/06/10 5:23 p.m.•64 views

CVE-2025-47165

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00355EPSS

CVE•added 2016/09/14 10:59 a.m.•62 views

CVE-2016-3365

9.3CVSS7.6AI score0.21695EPSS

CVE•added 2018/06/14 12:29 p.m.•62 views

CVE-2018-8247

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2...

5.8CVSS6.2AI score0.33533EPSS

CVE•added 2025/02/11 6:15 p.m.•62 views

CVE-2025-21390

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00131EPSS

CVE•added 2025/03/11 5:16 p.m.•62 views

CVE-2025-24075

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.9AI score0.00149EPSS

CVE•added 2025/05/13 5:16 p.m.•61 views

CVE-2025-30377

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.9AI score0.00066EPSS

CVE•added 2025/02/11 6:15 p.m.•59 views

CVE-2025-21386

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00131EPSS

CVE•added 2025/05/13 5:16 p.m.•52 views

CVE-2025-30383

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.5AI score0.00153EPSS

CVE•added 2025/05/13 5:15 p.m.•49 views

CVE-2025-29979

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8.1AI score0.00079EPSS

CVE•added 2025/05/13 5:15 p.m.•48 views

CVE-2025-30375

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.5AI score0.00153EPSS

CVE•added 2025/05/13 5:16 p.m.•48 views

CVE-2025-30376

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00079EPSS

CVE•added 2025/05/13 5:16 p.m.•46 views

CVE-2025-30379

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.5AI score0.00079EPSS

CVE•added 2025/05/13 5:15 p.m.•45 views

CVE-2025-29977

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8.2AI score0.00079EPSS

CVE•added 2025/05/13 5:16 p.m.•44 views

CVE-2025-30381

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.6AI score0.00079EPSS

CVE•added 2025/07/08 5:15 p.m.•22 views

CVE-2025-49697

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS7.3AI score0.00057EPSS

CVE•added 2025/07/08 5:15 p.m.•21 views

CVE-2025-49711

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.3AI score0.00062EPSS

CVE•added 2025/07/08 5:15 p.m.•14 views

CVE-2025-48812

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

5.5CVSS6AI score0.00046EPSS

Total number of security vulnerabilities140