ONLYOFFICE offers a secure online office suite, as it says on their website. Here are vulnerabilities that I found in their product.
CVE ID | Score | Description |
---|---|---|
CVE-2021-3199 | 9.8 CRITICAL | Directory traversal with Remote Code Execution when JWT is used in Document Server before 5.6.3 |
CVE-2022-29776 | 9.8 CRITICAL | Classic stack buffer overflow leading to Remote Code Execution in DocumentServer 6.0.0 and earlier |
CVE-2022-29777 | 9.8 CRITICAL | Heap buffer overflow (underflow) allows writing the pointer of a heap-chunk, with data controlled by the attacker, into a neighboring (located at a lower address) heap-chunk (DocumentServer 6.0.0 and earlier). Strong primitive, leads to Remote Code Execution |
Not disclosed