CVSS: 8.4EPSS: 11%CPEs: 6EXPL: 0CVE-2014-3575 – openoffice: Arbitrary file disclosure via crafted OLE objects
https://notcve.org/view.php?id=CVE-2014-3575
22 Aug 2014 — The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. La generación de previsualizaciones OLE en Apache OpenOffice anterior a 4.1.1 y OpenOffice.org (OOo) podría permitir a atacantes remotos embeber datos arbitrarios en documentos a través de objetos OLE manipulados. A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw t... • http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 9%CPEs: 3EXPL: 0CVE-2014-3524 – Ubuntu Security Notice USN-2331-1
https://notcve.org/view.php?id=CVE-2014-3524
22 Aug 2014 — Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Apache OpenOffice anterior a 4.1.1 permite a atacantes remotos ejecutar comandos arbitrarios y posiblemente tener otro impacto no especificado a través de una hoja de cálculo Calc manipulada. Rohan Durve and James Kettle discovered LibreOffice Calc sometimes allowed for command injection when opening spreadsheets. If a user were tricked into opening ... • http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •