Skip to main content

Onenote

10 CVEs product

Monthly

CVE-2025-29822 HIGH This Week

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office Office Long Term Servicing Channel Onenote
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-41159 HIGH POC This Week

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Onenote
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2023-36769 MEDIUM PATCH This Month

Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Onenote
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33140 MEDIUM POC PATCH This Month

Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Onenote
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-21721 MEDIUM PATCH This Month

Microsoft OneNote Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Onenote
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2017-8509 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Compatibility Pack Office Web Apps +5
NVD
CVSS 3.0
8.8
EPSS
5.6%
CVE-2017-0197 HIGH PATCH Act Now

Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.8%.

RCE Microsoft Onenote
NVD
CVSS 3.0
7.8
EPSS
27.8%
CVE-2016-3315 MEDIUM This Month

Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.7% and no vendor patch available.

Information Disclosure Microsoft Onenote Onenote For Mac
NVD
CVSS 3.0
5.5
EPSS
34.7%
CVE-2015-2503 CRITICAL Act Now

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.5% and no vendor patch available.

Privilege Escalation Microsoft Access Excel Infopath +11
NVD
CVSS 2.0
9.3
EPSS
15.5%
CVE-2014-2815 HIGH PATCH Act Now

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.6%.

RCE Microsoft Onenote
NVD
CVSS 3.1
8.8
EPSS
19.6%
EPSS 1% CVSS 7.8
HIGH This Week

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office +2
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Onenote
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Onenote
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Microsoft OneNote Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Onenote
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office +7
NVD
EPSS 28% CVSS 7.8
HIGH PATCH Act Now

Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.8%.

RCE Microsoft Onenote
NVD
EPSS 35% CVSS 5.5
MEDIUM This Month

Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.7% and no vendor patch available.

Information Disclosure Microsoft Onenote +1
NVD
EPSS 15% CVSS 9.3
CRITICAL Act Now

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.5% and no vendor patch available.

Privilege Escalation Microsoft Access +13
NVD
EPSS 20% CVSS 8.8
HIGH PATCH Act Now

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.6%.

RCE Microsoft Onenote
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy