ONLYOFFICE/core

ONLYOFFICE/core

www.onlyoffice.com

Releases10.4K

Frequency8 hours

Last Release 10 days ago

Stars404

Server core components which are a part of ONLYOFFICE Document Server

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-30186 ↗	Aug 14, 2023Monday, 14 August 2023, 13:15	9.8 CRITICAL	—
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVE-2023-30187 ↗	Aug 14, 2023Monday, 14 August 2023, 13:15	9.8 CRITICAL	—
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVE-2023-30188 ↗	Aug 14, 2023Monday, 14 August 2023, 13:15	7.5 HIGH	—
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
CVE-2022-29776 ↗	Jun 2, 2022Thursday, 2 June 2022, 14:15	9.8 CRITICAL	7.5 HIGH
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVE-2022-29777 ↗	Jun 2, 2022Thursday, 2 June 2022, 14:15	9.8 CRITICAL	7.5 HIGH
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.