Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23397 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-03-13 | 9.8 Critical |
| Microsoft Outlook Elevation of Privilege Vulnerability | ||||
| CVE-2025-21259 | 1 Microsoft | 1 Outlook | 2025-03-12 | 5.3 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2024-38021 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-03-11 | 8.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-38020 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-03-11 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2023-33131 | 1 Microsoft | 4 Office, Office Long Term Servicing Channel, Outlook and 1 more | 2025-02-28 | 8.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2021-31949 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2025-02-28 | 7.3 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2023-33153 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | 6.8 Medium |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2023-33151 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2023-36893 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-27 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2023-36895 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-02-27 | 7.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2023-36763 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-27 | 7.5 High |
| Microsoft Outlook Information Disclosure Vulnerability | ||||
| CVE-2022-49379 | 2025-02-26 | 5.5 Medium | ||
| In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfaces to show up when deferred_probe_timeout was non-zero. While ip_auto_config() calls wait_for_device_probe() to make sure any currently running deferred probe work or asynchronous probe finishes, that wasn't sufficient to account for devices being deferred until deferred_probe_timeout. Commit 35a672363ab3 ("driver core: Ensure wait_for_device_probe() waits until the deferred_probe_timeout fires") tried to fix that by making sure wait_for_device_probe() waits for deferred_probe_timeout to expire before returning. However, if wait_for_device_probe() is called from the kernel_init() context: - Before deferred_probe_initcall() [2], it causes the boot process to hang due to a deadlock. - After deferred_probe_initcall() [3], it blocks kernel_init() from continuing till deferred_probe_timeout expires and beats the point of deferred_probe_timeout that's trying to wait for userspace to load modules. Neither of this is good. So revert the changes to wait_for_device_probe(). [1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/ [2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/ [3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/ | ||||
| CVE-2025-0916 | 1 Yaycommerce | 1 Yaysmtp | 2025-02-25 | 7.2 High |
| The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability has been initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function. | ||||
| CVE-2023-35311 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-24 | 8.8 High |
| Microsoft Outlook Security Feature Bypass Vulnerability | ||||
| CVE-2025-21361 | 1 Microsoft | 2 Office, Outlook | 2025-02-21 | 7.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2025-21357 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2025-02-21 | 6.7 Medium |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2017-11774 | 1 Microsoft | 1 Outlook | 2025-02-11 | 7.8 High |
| Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | ||||
| CVE-2024-21413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-02-07 | 9.8 Critical |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-43604 | 1 Microsoft | 1 Outlook | 2025-01-29 | 5.7 Medium |
| Outlook for Android Elevation of Privilege Vulnerability | ||||
| CVE-2024-38173 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-01-23 | 6.7 Medium |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||