CVSS: 7.5 • EPSS: 6% • CPEs: 6 • EXPL: 0

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

• http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144836.html
• http://www.debian.org/security/2015/dsa-3163
• http://www.openwall.com/lists/oss-security/2014/11/19/3
• http://www.openwall.com/lists/oss-security/2014/11/26/7
• http://www.ubuntu.com/usn/USN-2578-1
• https://bugs.freedesktop.org/show_bug.cgi?id=86449
• https://security.gentoo.org/glsa/201603-05

CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 79% • CPEs: 27 • EXPL: 0

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

A use-after-free flaw was found in the "Remote Control" capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress.

• http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html
• http://rhn.redhat.com/errata/RHSA-2015-0377.html
• http://secunia.com/advisories/62111
• http://secunia.com/advisories/62132
• http://secunia.com/advisories/62396
• http://www.securityfocus.com/bid/71351
• http://www.ubuntu.com/usn/USN-2398-1
• https://security.gentoo.org/glsa/201603-05
• https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693
• https://access.redhat.com/security/cve/CVE-2014-3693
• https:&

CWE-416: Use After Free

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution.

• http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
• http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced
• http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html
• http://rhn.redhat.com/errata/RHSA-2015-0377.html
• http://secunia.com/advisories/59600
• http://secunia.com/advisories/59877
• http://www.openoffice.org/security/cves/CVE-2014-3575.html
• http://www.securityfocus.com/bid/69354
• http://www.securitytracker.com/id/103075

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

• http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced
• http://secunia.com/advisories/59600
• http://secunia.com/advisories/59877
• http://secunia.com/advisories/60235
• http://www.openoffice.org/security/cves/CVE-2014-3524.html
• http://www.securityfocus.com/archive/1/533200/100/0/threaded
• http://www.securityfocus.com/bid/69351
• http://www.securitytracker.com/id/1030755
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95421
• https://security.gentoo.org/glsa/2016

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 7 • EXPL: 0

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros.

• http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html
• http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html
• http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html
• http://rhn.redhat.com/errata/RHSA-2015-0377.html
• http://secunia.com/advisories/57383
• http://secunia.com/advisories/59330
• http://secunia.com/advisories/60799
• http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
• http://www.securityfocus.com/bid/68151
• http:&#x

CWE-356: Product UI does not Warn User of Unsafe Actions