| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
| Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. |
| Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs. |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |
