Page 11 of 59 results (0.008 seconds)

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-3524

https://notcve.org/view.php?id=CVE-2014-3524

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Apache OpenOffice anterior a 4.1.1 permite a atacantes remotos ejecutar comandos arbitrarios y posiblemente tener otro impacto no especificado a través de una hoja de cálculo Calc manipulada. • http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 http://secunia.com/advisories/60235 http://www.openoffice.org/security/cves/CVE-2014-3524.html http://www.securityfocus.com/archive/1/533200/100/0/threaded http://www.securityfocus.com/bid/69351 http://www.securitytracker.com/id/1030755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95421 https://security.gentoo.org/glsa/2016 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 0

CVE-2014-0247 – libreoffice: VBA macros executed unconditionally

https://notcve.org/view.php?id=CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. LibreOffice 4.2.4 ejecuta macros VBA no especificados automáticamente, lo que tiene un impacto y vectores de ataque no especificados, posiblemente relacionado con doc/docmacromode.cxx. It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. • http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html http://rhn.redhat.com/errata/RHSA-2015-0377.html http://secunia.com/advisories/57383 http://secunia.com/advisories/59330 http://secunia.com/advisories/60799 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.securityfocus.com/bid/68151 http:&#x • CWE-356: Product UI does not Warn User of Unsafe Actions •

CVSS: 4.3EPSS: 1%CPEs: 27EXPL: 0

CVE-2012-4233 – LibreOffice Suite 3.5.5.3 Denial Of Service

https://notcve.org/view.php?id=CVE-2012-4233

LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll. LibreOffice v3.5.x antes de v3.5.7.2 y v3.6.x antes de v3.6.1, y OpenOffice.org (OOo), permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de un archivo manipulado(1) odt a vcllo.dll, (2) .ODG (documento de dibujo) a svxcorelo.dll, (3) un registro PolyPolygon en un archivo.wmf (Window Meta File) incrustado en un archivo ppt (PowerPoint) a tllo.dll o (4) un archivo xls (Excel) a scfiltlo.dll. • http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69 http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97 http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7 http://lists.opensuse.org/opensuse-updates/2012-11/msg00039.html http: •

CVSS: 7.5EPSS: 8%CPEs: 15EXPL: 0

CVE-2012-2665 – libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code

https://notcve.org/view.php?id=CVE-2012-2665

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. Múltiples desbordamientos de bufer basado en en la funcionalidad de cifrado de manifiesto XML en la etiqueta en OpenOffice.org y LibreOffice anterior a v3.5.5 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de un Documento de texto diseñado (. Odt) con el archivo(1) una etiqueta de niño dentro de una etiqueta principal incorrecta, (2) duplicar los tags, o (3) un ChecksumAttribute Base64 cuya longitud no es divisible por cuatro. • http://rhn.redhat.com/errata/RHSA-2012-1135.html http://secunia.com/advisories/50142 http://secunia.com/advisories/50146 http://secunia.com/advisories/50692 http://secunia.com/advisories/60799 http://security.gentoo.org/glsa/glsa-201209-05.xml http://www.debian.org/security/2012/dsa-2520 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665 http://www.pre-cert.de/advisories/PRE-SA-2012-05&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 4%CPEs: 13EXPL: 2

CVE-2012-2334 – libreoffice: Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents

https://notcve.org/view.php?id=CVE-2012-2334

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow. Desbordamiento de entero en filter/source/msfilter/msdffimp.cxx en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente anteriores, y LibreOffice antes de v3.5.3, permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la longitud de un registro de gráficos Escher en una presentación de PowerPoint (.ppt), que provoca un desbordamiento de búfer. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html http://rhn.redhat.com/errata/RHSA-2012-0705.html http://secunia.com/advisories/46992 http://secunia.com/advisories/47244 http://secunia.com/advisories/49373 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •