Vulnerabilities > Onlyoffice > Document Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-30188 | Infinite Loop vulnerability in Onlyoffice Document Server Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file. | 7.5 |
| 2023-03-19 | CVE-2022-48422 | Uncontrolled Search Path Element vulnerability in Onlyoffice Document Server ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. | 7.8 |
| 2021-03-01 | CVE-2021-25833 | Path Traversal vulnerability in Onlyoffice Document Server A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. | 7.5 |
| 2021-03-01 | CVE-2021-25832 | Out-of-bounds Write vulnerability in Onlyoffice Document Server A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. | 7.5 |
| 2021-03-01 | CVE-2021-25831 | Unspecified vulnerability in Onlyoffice Document Server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. | 7.5 |
| 2021-03-01 | CVE-2021-25830 | Unspecified vulnerability in Onlyoffice Document Server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. | 7.5 |
| 2021-03-01 | CVE-2021-25829 | Unspecified vulnerability in Onlyoffice Document Server An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. | 7.8 |
| 2021-01-26 | CVE-2021-3199 | Path Traversal vulnerability in Onlyoffice Document Server Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. | 7.5 |
| 2020-04-15 | CVE-2020-11537 | SQL Injection vulnerability in Onlyoffice Document Server 5.5.0 A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. | 7.5 |
| 2020-04-15 | CVE-2020-11536 | Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 7.5 |