Microsoft » Office : Security Vulnerabilities, CVEs, CVSS score between 6 and 6.99

CVE-2023-36893

Microsoft Outlook Spoofing Vulnerability
Max CVSS
6.5
EPSS Score
0.11%
Published
2023-08-08
Updated
2023-08-11

CVE-2023-36761

Known exploited
Microsoft Word Information Disclosure Vulnerability
Max CVSS
6.5
EPSS Score
65.54%
Published
2023-09-12
Updated
2023-11-07
CISA KEV Added
2023-09-12

CVE-2023-36413

Microsoft Office Security Feature Bypass Vulnerability
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-11-14
Updated
2023-11-20

CVE-2023-35636

Microsoft Outlook Information Disclosure Vulnerability
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-12-12
Updated
2023-12-14

CVE-2023-33151

Microsoft Outlook Spoofing Vulnerability
Max CVSS
6.5
EPSS Score
0.12%
Published
2023-07-11
Updated
2023-07-14

CVE-2022-38001

Microsoft Office Spoofing Vulnerability
Max CVSS
6.5
EPSS Score
0.13%
Published
2022-10-11
Updated
2023-12-20

CVE-2022-26934

Windows Graphics Component Information Disclosure Vulnerability
Max CVSS
6.5
EPSS Score
0.48%
Published
2022-05-10
Updated
2023-12-20

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
Max CVSS
6.5
EPSS Score
0.14%
Published
2021-12-15
Updated
2022-07-12

CVE-2020-17063

Microsoft Office Online Spoofing Vulnerability
Max CVSS
6.8
EPSS Score
0.21%
Published
2020-11-11
Updated
2023-12-31

CVE-2020-1322

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.
Max CVSS
6.5
EPSS Score
1.15%
Published
2020-06-09
Updated
2021-07-21

CVE-2020-0696

A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
Max CVSS
6.5
EPSS Score
0.14%
Published
2020-02-11
Updated
2020-02-13

CVE-2019-1084

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
Max CVSS
6.5
EPSS Score
0.53%
Published
2019-07-15
Updated
2020-05-04

CVE-2019-0669

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Max CVSS
6.5
EPSS Score
1.75%
Published
2019-03-05
Updated
2020-08-24

CVE-2019-0559

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
Max CVSS
6.5
EPSS Score
1.43%
Published
2019-01-08
Updated
2020-08-24

CVE-2018-8579

An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
Max CVSS
6.5
EPSS Score
0.92%
Published
2018-11-14
Updated
2020-08-24

CVE-2018-8558

An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8579.
Max CVSS
6.5
EPSS Score
0.49%
Published
2018-11-14
Updated
2018-12-14

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
Max CVSS
6.5
EPSS Score
0.46%
Published
2018-06-14
Updated
2018-08-06

CVE-2018-8160

An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
Max CVSS
6.5
EPSS Score
3.58%
Published
2018-05-09
Updated
2018-06-06

CVE-2018-8150

A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office.
Max CVSS
6.5
EPSS Score
0.23%
Published
2018-05-09
Updated
2019-10-03

CVE-2018-0950

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.
Max CVSS
6.5
EPSS Score
1.91%
Published
2018-04-12
Updated
2020-08-24

CVE-2018-0850

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Max CVSS
6.5
EPSS Score
0.26%
Published
2018-02-15
Updated
2019-10-03

CVE-2018-0819

Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."
Max CVSS
6.5
EPSS Score
0.26%
Published
2018-01-10
Updated
2019-10-03

CVE-2017-11939

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
Max CVSS
6.5
EPSS Score
0.23%
Published
2017-12-12
Updated
2017-12-27

CVE-2017-8534

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.
Max CVSS
6.5
EPSS Score
0.92%
Published
2017-06-15
Updated
2017-06-26

CVE-2017-8533

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.
Max CVSS
6.5
EPSS Score
1.10%
Published
2017-06-15
Updated
2019-06-20
38 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close