CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14939
https://notcve.org/view.php?id=CVE-2018-14939
05 Aug 2018 — The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. La función get_app_path en desktop/unx/source/start.c en LibreOffice hasta la versión 6.0.5 gestiona... • http://www.securityfocus.com/bid/105047 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-10119 – libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10119
15 Apr 2018 — sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. sot/source/sdstor/stgstrms.cxx en LibreOffice, en versiones anteriores a la 5.4.5.1 y versiones 6.x anteriores a la 6.0.1.1, emplea un tipo de dato... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-10120 – libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10120
15 Apr 2018 — The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. La función SwCTBWrapper::Read en sw/source/filter/ww8/ww8toolbar.cxx en LibreOffice, en versiones anteriores a la 5.4.6.1 y vers... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 50%CPEs: 22EXPL: 3CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
08 Feb 2018 — LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosur... • https://packetstorm.news/files/id/146319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •