Onlyoffice

Document Server

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-29776

Exploit
  • EPSS 16.16%
  • Veröffentlicht 02.06.2022 14:15:51
  • Zuletzt bearbeitet 21.11.2024 06:59:40

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.

9.8

CVE-2022-29777

Exploit
  • EPSS 16.16%
  • Veröffentlicht 02.06.2022 14:15:51
  • Zuletzt bearbeitet 21.11.2024 06:59:40

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.

6.1

CVE-2022-24229

Exploit
  • EPSS 0.35%
  • Veröffentlicht 08.04.2022 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:50:00

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.

9.8

CVE-2021-25833

Exploit
  • EPSS 9.63%
  • Veröffentlicht 01.03.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:55:29

A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability,...

9.8

CVE-2021-25832

Exploit
  • EPSS 6.96%
  • Veröffentlicht 01.03.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:55:29

A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer.

9.8

CVE-2021-25831

Exploit
  • EPSS 3.51%
  • Veröffentlicht 01.03.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:55:29

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper str...

9.8

CVE-2021-25830

Exploit
  • EPSS 6.12%
  • Veröffentlicht 01.03.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:55:29

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to imprope...

7.8

CVE-2021-25829

Exploit
  • EPSS 3.79%
  • Veröffentlicht 01.03.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:55:29

An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server.

9.8

CVE-2021-3199

Exploit
  • EPSS 6.76%
  • Veröffentlicht 26.01.2021 18:16:28
  • Zuletzt bearbeitet 21.11.2024 06:21:07

Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.

9.8

CVE-2020-11534

  • EPSS 0.65%
  • Veröffentlicht 15.04.2020 15:15:19
  • Zuletzt bearbeitet 21.11.2024 04:58:05

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server.