Vulnerabilities > Onlyoffice > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-30186 | Use After Free vulnerability in Onlyoffice Document Server A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. | 9.8 |
| 2023-08-14 | CVE-2023-30187 | Out-of-bounds Write vulnerability in Onlyoffice Document Server An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. | 9.8 |
| 2023-06-22 | CVE-2023-34939 | Path Traversal vulnerability in Onlyoffice Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | 9.8 |
| 2023-01-23 | CVE-2021-43445 | Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. | 9.8 |
| 2022-06-02 | CVE-2022-29776 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 9.8 |
| 2022-06-02 | CVE-2022-29777 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | 9.8 |
| 2021-09-10 | CVE-2021-40864 | Unspecified vulnerability in Onlyoffice Google Translate The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. | 9.8 |
| 2021-03-01 | CVE-2021-25833 | Path Traversal vulnerability in Onlyoffice Document Server A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. | 9.8 |
| 2021-03-01 | CVE-2021-25832 | Out-of-bounds Write vulnerability in Onlyoffice Document Server A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. | 9.8 |
| 2021-03-01 | CVE-2021-25831 | Unspecified vulnerability in Onlyoffice Document Server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. | 9.8 |