CVSS: 8.4EPSS: 11%CPEs: 6EXPL: 0CVE-2014-3575 – openoffice: Arbitrary file disclosure via crafted OLE objects
https://notcve.org/view.php?id=CVE-2014-3575
22 Aug 2014 — The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. La generación de previsualizaciones OLE en Apache OpenOffice anterior a 4.1.1 y OpenOffice.org (OOo) podría permitir a atacantes remotos embeber datos arbitrarios en documentos a través de objetos OLE manipulados. A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw t... • http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 9%CPEs: 3EXPL: 0CVE-2014-3524 – Ubuntu Security Notice USN-2331-1
https://notcve.org/view.php?id=CVE-2014-3524
22 Aug 2014 — Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Apache OpenOffice anterior a 4.1.1 permite a atacantes remotos ejecutar comandos arbitrarios y posiblemente tener otro impacto no especificado a través de una hoja de cálculo Calc manipulada. Rohan Durve and James Kettle discovered LibreOffice Calc sometimes allowed for command injection when opening spreadsheets. If a user were tricked into opening ... • http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 7%CPEs: 7EXPL: 0CVE-2014-0247 – libreoffice: VBA macros executed unconditionally
https://notcve.org/view.php?id=CVE-2014-0247
24 Jun 2014 — LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. LibreOffice 4.2.4 ejecuta macros VBA no especificados automáticamente, lo que tiene un impacto y vectores de ataque no especificados, posiblemente relacionado con doc/docmacromode.cxx. It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use t... • http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html • CWE-356: Product UI does not Warn User of Unsafe Actions •