CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Office : Security Vulnerabilities (CVSS score between 3 and 5.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-29107 863 Bypass 2022-05-10 2022-05-19
4.3
 None Remote Medium Not required Partial None None
Microsoft Office Security Feature Bypass Vulnerability.
2 CVE-2022-24462 Bypass 2022-03-09 2022-03-14
4.3
 None Remote Medium Not required None Partial None
Microsoft Word Security Feature Bypass Vulnerability.
3 CVE-2022-22716 668 2022-02-09 2022-03-04
4.3
 None Remote Medium Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability.
4 CVE-2021-43255 2021-12-15 2022-01-01
4.3
 None Remote Medium Not required None Partial None
Microsoft Office Trust Center Spoofing Vulnerability
5 CVE-2021-42295 668 2021-12-15 2022-02-10
4.3
 None Remote Medium Not required Partial None None
Visual Basic for Applications Information Disclosure Vulnerability
6 CVE-2021-42293 269 2021-12-15 2022-02-10
5.0
 None Remote Low Not required None None Partial
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
7 CVE-2021-38650 2021-09-15 2021-09-27
4.3
 None Remote Medium Not required None Partial None
Microsoft Office Spoofing Vulnerability
8 CVE-2021-34469 863 Bypass 2021-07-14 2021-07-19
5.8
 None Remote Medium Not required Partial Partial None
Microsoft Office Security Feature Bypass Vulnerability
9 CVE-2021-31178 200 +Info 2021-05-11 2021-05-17
4.3
 None Remote Medium Not required Partial None None
Microsoft Office Information Disclosure Vulnerability
10 CVE-2021-28456 2021-04-13 2021-04-20
4.3
 None Remote Medium Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
11 CVE-2020-17119 2020-12-10 2021-08-30
5.0
 None Remote Low Not required Partial None None
Microsoft Outlook Information Disclosure Vulnerability
12 CVE-2020-17063 20 2020-11-11 2021-07-21
5.8
 None Remote Medium Not required Partial Partial None
Microsoft Office Online Spoofing Vulnerability
13 CVE-2020-16949 401 DoS 2020-10-16 2020-10-21
5.0
 None Remote Low Not required None None Partial
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.
14 CVE-2020-16855 125 2020-09-11 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'.
15 CVE-2020-1583 200 +Info 2020-08-17 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1503.
16 CVE-2020-1503 200 +Info 2020-08-17 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1583.
17 CVE-2020-1502 200 +Info 2020-08-17 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1503, CVE-2020-1583.
18 CVE-2020-1497 200 +Info 2020-08-17 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
19 CVE-2020-1493 200 +Info 2020-08-17 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when attaching files to Outlook messages, aka 'Microsoft Outlook Information Disclosure Vulnerability'.
20 CVE-2020-1445 200 +Info 2020-07-14 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.
21 CVE-2020-1342 908 2020-07-14 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
22 CVE-2020-1322 200 +Info 2020-06-09 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.
23 CVE-2020-1229 200 Bypass +Info 2020-06-09 2021-07-21
4.3
 None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
24 CVE-2020-1224 200 +Info 2020-09-11 2021-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
25 CVE-2020-0696 Bypass 2020-02-11 2020-02-13
4.3
 None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
26 CVE-2019-1464 200 +Info 2019-12-10 2019-12-11
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
27 CVE-2019-1446 200 +Info 2019-11-12 2019-11-13
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
28 CVE-2019-1263 200 +Info 2019-09-11 2020-05-11
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
29 CVE-2019-1204 20 2019-08-14 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'.
30 CVE-2019-1112 200 +Info 2019-07-15 2019-07-17
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
31 CVE-2019-1084 200 +Info 2019-07-15 2020-05-04
4.0
 None Remote Low ??? Partial None None
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
32 CVE-2019-0669 2019-03-05 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
33 CVE-2019-0561 2019-01-08 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
34 CVE-2019-0560 2019-01-08 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
35 CVE-2019-0559 2019-01-08 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
36 CVE-2019-0540 601 Bypass 2019-03-05 2020-08-24
4.3
 None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
37 CVE-2018-8627 908 2018-12-12 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.
38 CVE-2018-8579 2018-11-14 2020-08-24
4.0
 None Remote Low ??? Partial None None
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
39 CVE-2018-8558 200 +Info 2018-11-14 2018-12-14
4.0
 None Remote Low ??? Partial None None
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8579.
40 CVE-2018-8546 DoS 2018-11-14 2020-08-24
4.3
 None Remote Medium Not required None None Partial
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
41 CVE-2018-8429 200 +Info 2018-09-13 2018-11-01
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
42 CVE-2018-8382 200 +Info 2018-08-15 2018-10-12
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
43 CVE-2018-8378 125 2018-08-15 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
44 CVE-2018-8310 2018-07-11 2020-08-24
5.0
 None Remote Low Not required None Partial None
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
45 CVE-2018-8246 200 +Info 2018-06-14 2018-08-06
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
46 CVE-2018-8244 20 2018-06-14 2018-08-06
4.3
 None Remote Medium Not required None Partial None
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
47 CVE-2018-8163 200 +Info 2018-05-09 2018-06-05
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.
48 CVE-2018-8160 200 +Info 2018-05-09 2018-06-06
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
49 CVE-2018-8150 Bypass 2018-05-09 2019-10-03
4.3
 None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office.
50 CVE-2018-0950 2018-04-12 2020-08-24
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.
Total number of vulnerabilities : 108   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.