Skip to main content

Office Online Server

201 CVEs product

Monthly

CVE-2024-30042 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-36766 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2023-36896 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-35371 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-33162 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Information Disclosure Buffer Overflow 365 Apps Office +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-33137 HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Office Office Online Server
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.7%
CVE-2023-33133 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
44.0%
CVE-2023-32029 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
53.5%
CVE-2023-24953 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-23399 HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Information Disclosure Microsoft 365 Apps +5
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-23396 MEDIUM PATCH This Month

Microsoft Excel Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Office Online Server Office Web Apps Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2023-21716 CRITICAL POC PATCH THREAT Act Now

Microsoft Word Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Microsoft Office Office Long Term Servicing Channel +6
NVD
CVSS 3.1
9.8
EPSS
82.3%
CVE-2022-41106 HIGH Act Now

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.6% and no vendor patch available.

Microsoft RCE 365 Apps Excel Office +3
NVD VulDB
CVSS 3.1
8.8
EPSS
17.6%
CVE-2022-41103 MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
5.5
EPSS
1.6%
CVE-2022-41063 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Excel Office +3
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-41061 HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Code Injection 365 Apps Office +6
NVD VulDB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-41060 MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-33648 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Office Online Server
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-30172 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server Office Web Apps Server Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2022-30171 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server Office Web Apps Server Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2022-30159 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server Office Web Apps Server Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2022-29109 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
2.4%
CVE-2022-26901 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Excel Excel Rt +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-21840 HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Excel Office Office Long Term Servicing Channel +4
NVD VulDB
CVSS 3.1
8.8
EPSS
9.5%
CVE-2021-43256 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Excel Rt +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-40442 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-40486 HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office Online Server Office Web Apps Server +3
NVD
CVSS 3.1
7.8
EPSS
5.7%
CVE-2021-40485 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft 365 Apps Excel +4
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-40474 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +3
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-40472 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +3
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-38655 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2021-34451 MEDIUM PATCH This Month

Microsoft Office Online Server Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-34501 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
53.2%
CVE-2021-31939 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
13.3%
CVE-2021-31179 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
13.5%
CVE-2021-31178 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Microsoft 365 Apps Excel +4
NVD
CVSS 3.1
5.5
EPSS
16.0%
CVE-2021-31177 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +5
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-31176 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2021-31175 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-31174 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2021-28456 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +2
NVD
CVSS 3.1
5.5
EPSS
3.7%
CVE-2021-28454 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-28453 HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-28451 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-27057 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-27054 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-27053 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-24070 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-24069 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-24067 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-1716 HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Online Server +5
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-1715 HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption RCE 365 Apps +7
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-1714 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Excel Services 365 Apps Excel +4
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-1713 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2020-17129 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17128 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-17126 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +2
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-17125 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17123 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office Online Server +1
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-17065 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2020-16932 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-16931 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-16929 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Use After Free Memory Corruption RCE 365 Apps +7
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1338 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +1
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1335 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +3
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1224 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +3
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2020-1218 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-1583 HIGH PATCH This Week

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-1503 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1502 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +1
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1495 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +3
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-1448 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Office Web Apps +4
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-1447 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +5
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-1446 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +5
NVD
CVSS 3.1
8.8
EPSS
11.3%
CVE-2020-1445 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +3
NVD
CVSS 3.1
5.5
EPSS
6.1%
CVE-2020-1442 MEDIUM PATCH This Month

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Office Online Server Office Web Apps
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-1342 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure 365 Apps Office +5
NVD
CVSS 3.1
5.5
EPSS
6.4%
CVE-2020-0980 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office Office 365 Proplus Office Online Server +4
NVD
CVSS 3.1
7.8
EPSS
11.5%
CVE-2020-0892 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office Office 365 Proplus Office Online Server +5
NVD
CVSS 3.1
7.8
EPSS
11.5%
CVE-2020-0852 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2020-0850 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office 365 Proplus Office Online Server +4
NVD
CVSS 3.1
8.8
EPSS
8.6%
CVE-2020-0695 MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-0647 MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-1447 MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-1446 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Excel Office Office 365 +3
NVD
CVSS 3.1
5.5
EPSS
8.4%
CVE-2019-1445 MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-1331 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel Office Office 365 Proplus +2
NVD
CVSS 3.1
8.8
EPSS
17.9%
CVE-2019-1205 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +1
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-1201 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +5
NVD
CVSS 3.0
7.8
EPSS
4.9%
CVE-2019-1035 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +1
NVD
CVSS 3.1
7.8
EPSS
6.6%
EPSS 2% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft +5
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +3
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Information Disclosure Buffer Overflow +4
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Office +1
NVD Exploit-DB
EPSS 44% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +5
NVD
EPSS 54% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +6
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Information Disclosure +7
NVD Exploit-DB
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Excel Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Office Online Server +1
NVD
EPSS 82% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Microsoft Word Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Microsoft +8
NVD
EPSS 18% CVSS 8.8
HIGH Act Now

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.6% and no vendor patch available.

Microsoft RCE 365 Apps +5
NVD VulDB
EPSS 2% CVSS 5.5
MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps +7
NVD VulDB
EPSS 2% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps +5
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Code Injection +8
NVD VulDB
EPSS 2% CVSS 5.5
MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps +7
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Office Online Server
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server +2
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server +2
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server +2
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +3
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps +6
NVD VulDB
EPSS 9% CVSS 8.8
HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Excel +6
NVD VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +6
NVD VulDB
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +6
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office +5
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft +6
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +5
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps +5
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption +6
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Microsoft Office Online Server Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
EPSS 53% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +3
NVD
EPSS 13% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 13% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 16% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Microsoft +6
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption +7
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption +5
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption +6
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 4% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +4
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption +5
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +6
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption +6
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption +6
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps +7
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption +9
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Excel Services +6
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +5
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +4
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps +4
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +4
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +3
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +4
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft 365 Apps +4
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft 365 Apps +4
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Use After Free Memory Corruption +9
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +3
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +5
NVD
EPSS 4% CVSS 5.5
MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +5
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +6
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +6
NVD
EPSS 5% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +6
NVD
EPSS 5% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +3
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps +5
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office +6
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps +7
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps +7
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +5
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Office Online Server +1
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure +7
NVD
EPSS 12% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office +6
NVD
EPSS 12% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office +7
NVD
EPSS 12% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office +2
NVD
EPSS 9% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office +6
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
EPSS 8% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Excel +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
EPSS 18% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel +4
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office +3
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office +7
NVD
EPSS 7% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office +3
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy