CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Office : Security Vulnerabilities (CVSS score between 2 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-29107 863 Bypass 2022-05-10 2022-05-19
4.3
None Remote Medium Not required Partial None None
Microsoft Office Security Feature Bypass Vulnerability.
2 CVE-2022-24462 Bypass 2022-03-09 2022-03-14
4.3
None Remote Medium Not required None Partial None
Microsoft Word Security Feature Bypass Vulnerability.
3 CVE-2022-23252 668 2022-02-09 2022-02-15
2.1
None Local Low Not required Partial None None
Microsoft Office Information Disclosure Vulnerability.
4 CVE-2022-22716 668 2022-02-09 2022-03-04
4.3
None Remote Medium Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability.
5 CVE-2021-43255 2021-12-15 2022-01-01
4.3
None Remote Medium Not required None Partial None
Microsoft Office Trust Center Spoofing Vulnerability
6 CVE-2021-42295 668 2021-12-15 2022-02-10
4.3
None Remote Medium Not required Partial None None
Visual Basic for Applications Information Disclosure Vulnerability
7 CVE-2021-42293 269 2021-12-15 2022-02-10
5.0
None Remote Low Not required None None Partial
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
8 CVE-2021-40472 2021-10-13 2021-10-19
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
9 CVE-2021-40454 312 2021-10-13 2021-10-19
2.1
None Local Low Not required Partial None None
Rich Text Edit Control Information Disclosure Vulnerability
10 CVE-2021-38650 2021-09-15 2021-09-27
4.3
None Remote Medium Not required None Partial None
Microsoft Office Spoofing Vulnerability
11 CVE-2021-34469 863 Bypass 2021-07-14 2021-07-19
5.8
None Remote Medium Not required Partial Partial None
Microsoft Office Security Feature Bypass Vulnerability
12 CVE-2021-31178 200 +Info 2021-05-11 2021-05-17
4.3
None Remote Medium Not required Partial None None
Microsoft Office Information Disclosure Vulnerability
13 CVE-2021-31174 200 +Info 2021-05-11 2021-05-18
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
14 CVE-2021-28456 2021-04-13 2021-04-20
4.3
None Remote Medium Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
15 CVE-2020-17126 2020-12-10 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
16 CVE-2020-17119 2020-12-10 2021-08-30
5.0
None Remote Low Not required Partial None None
Microsoft Outlook Information Disclosure Vulnerability
17 CVE-2020-17063 20 2020-11-11 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
Microsoft Office Online Spoofing Vulnerability
18 CVE-2020-17020 287 Bypass 2020-11-11 2021-07-21
2.1
None Local Low Not required Partial None None
Microsoft Word Security Feature Bypass Vulnerability
19 CVE-2020-16949 401 DoS 2020-10-16 2020-10-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.
20 CVE-2020-16855 125 2020-09-11 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'.
21 CVE-2020-1583 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1503.
22 CVE-2020-1503 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1583.
23 CVE-2020-1502 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1503, CVE-2020-1583.
24 CVE-2020-1497 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
25 CVE-2020-1493 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when attaching files to Outlook messages, aka 'Microsoft Outlook Information Disclosure Vulnerability'.
26 CVE-2020-1445 200 +Info 2020-07-14 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.
27 CVE-2020-1342 908 2020-07-14 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
28 CVE-2020-1322 200 +Info 2020-06-09 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.
29 CVE-2020-1229 200 Bypass +Info 2020-06-09 2021-07-21
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
30 CVE-2020-1224 200 +Info 2020-09-11 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
31 CVE-2020-0696 Bypass 2020-02-11 2020-02-13
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
32 CVE-2019-1464 200 +Info 2019-12-10 2019-12-11
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
33 CVE-2019-1463 200 +Info 2019-12-10 2019-12-16
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.
34 CVE-2019-1446 200 +Info 2019-11-12 2019-11-13
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
35 CVE-2019-1402 200 +Info 2019-11-12 2019-11-14
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.
36 CVE-2019-1400 200 +Info 2019-12-10 2019-12-13
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.
37 CVE-2019-1263 200 +Info 2019-09-11 2020-05-11
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
38 CVE-2019-1204 20 2019-08-14 2020-08-24
4.3
None Remote Medium Not required Partial None None
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'.
39 CVE-2019-1153 125 2019-08-14 2020-08-24
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148.
40 CVE-2019-1148 125 2019-08-14 2020-08-24
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1153.
41 CVE-2019-1112 200 +Info 2019-07-15 2019-07-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
42 CVE-2019-1084 200 +Info 2019-07-15 2020-05-04
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
43 CVE-2019-0669 2019-03-05 2020-08-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
44 CVE-2019-0561 2019-01-08 2020-08-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
45 CVE-2019-0560 2019-01-08 2020-08-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
46 CVE-2019-0559 2019-01-08 2020-08-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
47 CVE-2019-0540 601 Bypass 2019-03-05 2020-08-24
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
48 CVE-2018-8627 908 2018-12-12 2020-08-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.
49 CVE-2018-8598 2018-12-12 2020-08-24
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627.
50 CVE-2018-8579 2018-11-14 2020-08-24
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
Total number of vulnerabilities : 125   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.