Office Online Server Security Vulnerabilities and Issues — Office Online Server CVE List

Lucene search

MicrosoftOffice Online Server

26 matches found

CVE•added 2022/06/15 10:15 p.m.•200 views

CVE-2022-30172

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6AI score0.04622EPSS

CVE•added 2020/01/14 11:15 p.m.•130 views

CVE-2020-0647

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.

5.8CVSS6AI score0.00578EPSS

CVE•added 2021/05/11 7:15 p.m.•130 views

CVE-2021-31178

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6.1AI score0.14912EPSS

CVE•added 2021/07/16 9:15 p.m.•130 views

CVE-2021-34451

Microsoft Office Online Server Spoofing Vulnerability

5.3CVSS5.5AI score0.00456EPSS

CVE•added 2022/02/09 5:15 p.m.•130 views

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.0158EPSS

CVE•added 2021/05/11 7:15 p.m.•120 views

CVE-2021-31174

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00503EPSS

CVE•added 2021/10/13 1:15 a.m.•116 views

CVE-2021-40472

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.9AI score0.00461EPSS

CVE•added 2020/07/14 11:15 p.m.•113 views

CVE-2020-1342

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.

5.5CVSS6AI score0.28299EPSS

CVE•added 2020/08/17 7:15 p.m.•110 views

CVE-2020-1503

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...

5.5CVSS6.3AI score0.25763EPSS

CVE•added 2022/06/15 10:15 p.m.•109 views

CVE-2022-30171

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6.2AI score0.04622EPSS

CVE•added 2020/09/11 5:15 p.m.•107 views

CVE-2020-1224

<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p><p>To exploit the vulnerability, an attacker could craft a spec...

5.5CVSS5.9AI score0.21879EPSS

CVE•added 2021/04/13 8:15 p.m.•107 views

CVE-2021-28456

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.9AI score0.04162EPSS

CVE•added 2020/12/10 12:15 a.m.•103 views

CVE-2020-17126

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.6AI score0.00456EPSS

CVE•added 2022/11/09 10:15 p.m.•102 views

CVE-2022-41103

Microsoft Word Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00285EPSS

CVE•added 2020/02/11 10:15 p.m.•100 views

CVE-2020-0695

A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.

5.8CVSS6AI score0.00583EPSS

CVE•added 2020/08/17 7:15 p.m.•100 views

CVE-2020-1502

5.5CVSS6.3AI score0.22521EPSS

CVE•added 2017/04/12 2:59 p.m.•94 views

CVE-2017-0195

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user ...

5.4CVSS5.2AI score0.01103EPSS

CVE•added 2019/11/12 7:15 p.m.•94 views

CVE-2019-1446

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5CVSS5.6AI score0.08477EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1445

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

5.5CVSS6.1AI score0.28299EPSS

CVE•added 2022/11/09 10:15 p.m.•91 views

CVE-2022-41060

Microsoft Word Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00285EPSS

CVE•added 2019/11/12 7:15 p.m.•87 views

CVE-2019-1445

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.

5.8CVSS5.5AI score0.00583EPSS

CVE•added 2022/06/15 10:15 p.m.•84 views

CVE-2022-30159

Microsoft Office Information Disclosure Vulnerability

5.5CVSS5.7AI score0.02947EPSS

CVE•added 2023/07/11 6:15 p.m.•82 views

CVE-2023-33162

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.00499EPSS

CVE•added 2019/11/12 7:15 p.m.•76 views

CVE-2019-1447

5.8CVSS5.5AI score0.00583EPSS

CVE•added 2018/06/14 12:29 p.m.•62 views

CVE-2018-8247

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2...

5.8CVSS6.2AI score0.33533EPSS

CVE•added 2025/07/08 5:15 p.m.•14 views

CVE-2025-48812

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

5.5CVSS6AI score0.00046EPSS