Vulnerabilities > WPS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-12 | CVE-2021-40399 | Use After Free vulnerability in WPS Office 11.2.0.10351 An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. | 6.8 |
2022-03-23 | CVE-2022-24934 | Unspecified vulnerability in WPS Office 10.1.0.7106/10.2.0.5978/5.3.1 wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | 7.5 |
2020-01-14 | CVE-2014-2271 | Improper Input Validation vulnerability in multiple products cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | 6.8 |
2018-01-29 | CVE-2018-6390 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in WPS Office 10.1.0.7106/10.2.0.5978 The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. | 4.3 |
2014-09-23 | CVE-2014-6692 | Cryptographic Issues vulnerability in WPS Kingsoft Clip (Office Tool) 1.5.1 The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2005-07-18 | CVE-2005-2290 | Remote Command Execution vulnerability in WPS Wps_shop.CGI wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. | 10.0 |