CVSS: 6.8EPSS: 1%CPEs: 13EXPL: 0CVE-2015-1774 – libreoffice: HWP file filter vulnerability
https://notcve.org/view.php?id=CVE-2015-1774
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. El filtro HWP en LibreOffice anterior a 4.3.7 y 4.4.x anterior a 4.4.2 y Apache OpenOffice anterior a 4.1.2 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento HWP manipulado, lo cual provoca una escritura fuera de rango. A flaw was found in the way the LibreOffice HWP (Hangul Word Processor) file filter processed certain HWP documents. An attacker able to trick a user into opening a specially crafted HWP document could possibly use this flaw to execute arbitrary code with the privileges of the user opening that document. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156582.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157550.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-1458.html http://www.debian.org/security/2015/dsa-3236 http://www.openoffice.org/security/cves/CVE-2015-1774.html http://www.securityfocus.com/bid/74338 http://www.securitytracker.com/id/1032205 http://www.securitytracker.com&# • CWE-787: Out-of-bounds Write CWE-822: Untrusted Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3575 – openoffice: Arbitrary file disclosure via crafted OLE objects
https://notcve.org/view.php?id=CVE-2014-3575
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. La generación de previsualizaciones OLE en Apache OpenOffice anterior a 4.1.1 y OpenOffice.org (OOo) podría permitir a atacantes remotos embeber datos arbitrarios en documentos a través de objetos OLE manipulados. A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. • http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html http://rhn.redhat.com/errata/RHSA-2015-0377.html http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 http://www.openoffice.org/security/cves/CVE-2014-3575.html http://www.securityfocus.com/bid/69354 http://www.securitytracker.com/id/103075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3524
https://notcve.org/view.php?id=CVE-2014-3524
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Apache OpenOffice anterior a 4.1.1 permite a atacantes remotos ejecutar comandos arbitrarios y posiblemente tener otro impacto no especificado a través de una hoja de cálculo Calc manipulada. • http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 http://secunia.com/advisories/60235 http://www.openoffice.org/security/cves/CVE-2014-3524.html http://www.securityfocus.com/archive/1/533200/100/0/threaded http://www.securityfocus.com/bid/69351 http://www.securitytracker.com/id/1030755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95421 https://security.gentoo.org/glsa/2016 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4156
https://notcve.org/view.php?id=CVE-2013-4156
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. Apache OpenOffice.org (OOo) anterior a 4.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) y posiblemente tener otro impacto no especificado a través de un elemento modificado en un documento OOXML. • http://osvdb.org/95706 http://seclists.org/bugtraq/2013/Jul/174 http://www.openoffice.org/security/cves/CVE-2013-4156.html • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2189
https://notcve.org/view.php?id=CVE-2013-2189
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file. Apache OpenOffice.org (OOo) anterior a 4.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de datos PLCF no válidos en un archivo DOC. • http://osvdb.org/95704 http://seclists.org/bugtraq/2013/Jul/173 http://www.openoffice.org/security/cves/CVE-2013-2189.html • CWE-787: Out-of-bounds Write •