Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Outlook
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-08 | CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability | Outlook | 8.0 | ||
| 2024-09-10 | CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability | Outlook | 6.5 | ||
| 2024-08-13 | CVE-2024-38173 | Microsoft Outlook Remote Code Execution Vulnerability | 365_apps, Office, Office_long_term_servicing_channel, Outlook | 6.7 | ||
| 2023-03-14 | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | 365_apps, Office, Office_long_term_servicing_channel, Outlook | 9.8 | ||
| 2023-07-11 | CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | 365_apps, Office, Outlook | 7.5 | ||
| 2018-05-16 | CVE-2017-17688 | The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification | Mail, Airmail, Emclient, Maildroid, Mailmate, Horde_imp, Outlook, Thunderbird, Postbox, R2mail2, Webmail | 5.9 | ||
| 2017-10-13 | CVE-2017-11774 | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | Outlook | 7.8 | ||
| 2015-04-14 | CVE-2015-1641 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | Office, Office_compatibility_pack, Office_web_apps, Outlook, Sharepoint_server, Word | 7.8 | ||
| 2024-07-09 | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | 365_apps, Office, Office_long_term_servicing_channel, Outlook | 6.5 | ||
| 2020-08-17 | CVE-2020-1493 | An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The... | 365_apps, Office, Outlook | 5.5 |