Vulnerabilities > Onlyoffice > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-30186 | Use After Free vulnerability in Onlyoffice Document Server A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. | 9.8 |
| 2023-08-14 | CVE-2023-30187 | Out-of-bounds Write vulnerability in Onlyoffice Document Server An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. | 9.8 |
| 2023-06-22 | CVE-2023-34939 | Path Traversal vulnerability in Onlyoffice Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | 9.8 |
| 2023-01-23 | CVE-2021-43445 | Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. | 9.8 |
| 2022-06-02 | CVE-2022-29776 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 9.8 |
| 2022-06-02 | CVE-2022-29777 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | 9.8 |