Outlook for Android
by Microsoft
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1084 | 0.01 | — | 0.09 | Jul 15, 2019 | An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'. | |||
| CVE-2025-29805 | 0.00 | — | 0.03 | Apr 8, 2025 | Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-21259 | 0.00 | — | 0.01 | Feb 11, 2025 | Microsoft Outlook Spoofing Vulnerability | |||
| CVE-2024-43604 | 0.00 | — | 0.01 | Oct 8, 2024 | Outlook for Android Elevation of Privilege Vulnerability | |||
| CVE-2024-26204 | 0.00 | — | 0.02 | Mar 12, 2024 | Outlook for Android Information Disclosure Vulnerability | |||
| CVE-2022-24480 | 0.00 | — | 0.01 | Dec 13, 2022 | Outlook for Android Elevation of Privilege Vulnerability | |||
| CVE-2019-1460 | 0.00 | — | 0.02 | Jan 24, 2020 | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | |||
| CVE-2019-1105 | 0.00 | — | 0.00 | Jul 29, 2019 | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages. |
- CVE-2019-1084Jul 15, 2019risk 0.01cvss —epss 0.09
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
- CVE-2025-29805Apr 8, 2025risk 0.00cvss —epss 0.03
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.
- CVE-2025-21259Feb 11, 2025risk 0.00cvss —epss 0.01
Microsoft Outlook Spoofing Vulnerability
- CVE-2024-43604Oct 8, 2024risk 0.00cvss —epss 0.01
Outlook for Android Elevation of Privilege Vulnerability
- CVE-2024-26204Mar 12, 2024risk 0.00cvss —epss 0.02
Outlook for Android Information Disclosure Vulnerability
- CVE-2022-24480Dec 13, 2022risk 0.00cvss —epss 0.01
Outlook for Android Elevation of Privilege Vulnerability
- CVE-2019-1460Jan 24, 2020risk 0.00cvss —epss 0.02
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.
- CVE-2019-1105Jul 29, 2019risk 0.00cvss —epss 0.00
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.