CVSS: 6.8EPSS: 0%CPEs: 19EXPL: 1CVE-2012-0037 – raptor: XML External Entity (XXE) attack via RDF files
https://notcve.org/view.php?id=CVE-2012-0037
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. Redland Raptor (también conocido como libraptor) anterior a v2.0.7, utilizado por OpenOffice v3.3 y v3.4 Beta, LibreOffice anterior a v3.4.6 y v3.5.x anterior a v3.5.1, y otros productos, permite a atacantes remotos asistidos por el usuario leer archivos arbitrarios a través de una declaración de entidad externa (XXE) en xml y con referencia a un documento RDF. • http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6 http://librdf.org/raptor/RELEASE.html#rel2_0_7 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html http://rhn.redhat.com/errata/RHSA-2012-0410.html http://rhn.redhat.com/errata/RHSA-2012-0411.html http://secunia.com/advisories/48479 http://secunia.com/advisories/48493 http://secunia.com/advisories& • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2010-4253 – OpenOffice.org: heap based buffer overflow in PPT import
https://notcve.org/view.php?id=CVE-2010-4253
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document. Desbordamiento de búfer basado en memoria dinámica en Impress en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario a través de un fichero PNG manipulado en un fichero ODF o Microsoft Office, como se demostró por un documento PowerPoint (también conocido como PPT). • http://osvdb.org/70717 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 http://www.openoffice.org/security/cves/CVE-2010-4253.html htt • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2010-4643 – OpenOffice.org: heap based buffer overflow when parsing TGA files
https://notcve.org/view.php?id=CVE-2010-4643
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document. Desbordamiento de buffer basado en memoria dinámica en Impress en OpenOffice.org (OOo) 2.x y 3.x en versiones anteriores a 3.3 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo Truevision TGA (TARGA) manipulado en un documento ODF o Microsoft Office. • http://osvdb.org/70718 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/43118 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 http://www.openoffice.org • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2010-3689 – OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting
https://notcve.org/view.php?id=CVE-2010-3689
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. soffice en OpenOffice.org (OOo) v3.x anteriores a v3.3 pone un nombre de directorio de longitud cero en el LD_LIBRARY_PATH, que permite a usuarios locales conseguir privilegios a través de un caballo de Troya en una biblioteca compartida en el directorio de trabajo actual. • http://osvdb.org/70716 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 http://www.openoffice.org/security/cves/CVE-2010-3689.html htt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2010-3450 – OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files
https://notcve.org/view.php?id=CVE-2010-3450
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files. Múltiples vulnerabilidades de salto de directorio en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3, permite a atacantes remotos añadir y ejecutar comandos de su elección a través de .. (punto punto) en el parámetro "site" a (1) index.php y (2) admin.php. • http://osvdb.org/70711 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/43118 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 http://www.openoffice.org • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •