Vulnerabilities > WPS

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2021-40399 Use After Free vulnerability in WPS Office 11.2.0.10351
An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351.
network
wps CWE-416
6.8
2022-03-23 CVE-2022-24934 Unspecified vulnerability in WPS Office 10.1.0.7106/10.2.0.5978/5.3.1
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
network
low complexity
wps
7.5
2020-01-14 CVE-2014-2271 Improper Input Validation vulnerability in multiple products
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.
network
wps huawei CWE-20
6.8
2018-01-29 CVE-2018-6390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in WPS Office 10.1.0.7106/10.2.0.5978
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.
network
wps CWE-119
4.3
2014-09-23 CVE-2014-6692 Cryptographic Issues vulnerability in WPS Kingsoft Clip (Office Tool) 1.5.1
The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4
2005-07-18 CVE-2005-2290 Remote Command Execution vulnerability in WPS Wps_shop.CGI
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
network
low complexity
wps
critical
10.0