LibreOffice, OpenOffice Security Vulnerabilities

cve

CVE-2021-41832

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice...

7.5CVSS

7.2AI Score

EPSS

2021-10-11 08:15 AM
37
nvd

CVE-2021-41832

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice...

7.5CVSS

EPSS

2021-10-11 08:15 AM
nvd

CVE-2021-41831

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice...

5.3CVSS

0.004EPSS

2021-10-11 08:15 AM
1
cve

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice...

7.5CVSS

7.2AI Score

0.004EPSS

2021-10-11 08:15 AM
46
nvd

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice...

7.5CVSS

0.004EPSS

2021-10-11 08:15 AM
cve

CVE-2021-41831

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice...

5.3CVSS

6AI Score

0.004EPSS

2021-10-11 08:15 AM
38
prion

Code injection

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice...

5.3CVSS

6.1AI Score

0.004EPSS

2021-10-11 08:15 AM
6
prion

Code injection

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice...

7.5CVSS

7.3AI Score

EPSS

2021-10-11 08:15 AM
5
prion

Code injection

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice...

7.5CVSS

7.3AI Score

0.004EPSS

2021-10-11 08:15 AM
2
cvelist

CVE-2021-41832 Content Manipulation with Certificate Validation Attack

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice...

7.5AI Score

EPSS

2021-10-11 08:10 AM
cvelist

CVE-2021-41831 Timestamp Manipulation with Signature Wrapping

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice...

6.4AI Score

0.004EPSS

2021-10-11 08:10 AM
cvelist

CVE-2021-41830 Double Certificate Attack

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice...

7.6AI Score

0.004EPSS

2021-10-11 08:10 AM
nessus

FreeBSD : Apache OpenOffice -- multiple vulnerabilities. (04d2cf7f-2942-11ec-b48c-1c1b0d9ea7e6)

The Apache OpenOffice project reports: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A...

7.8CVSS

0.2AI Score

EPSS

2021-10-11 12:00 AM
8
cnvd

Apache OpenOffice XML External Entity Injection Vulnerability

Apache OpenOffice is an open source office software suite from the Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases, etc. Apache OpenOffice in version 4.1.10 and earlier has an XML external entity injection vulnerability, which stems from a...

6.5CVSS

1.8AI Score

0.003EPSS

2021-10-10 12:00 AM
6
cve

CVE-2021-40439

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are...

6.5CVSS

7AI Score

0.005EPSS

2021-10-07 04:15 PM
36
nvd

CVE-2021-40439

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are...

6.5CVSS

0.005EPSS

2021-10-07 04:15 PM
cve

CVE-2021-28129

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users....

7.8CVSS

7.5AI Score

0.0005EPSS

2021-10-07 04:15 PM
29
nvd

CVE-2021-28129

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users....

7.8CVSS

0.0005EPSS

2021-10-07 04:15 PM
prion

Code injection

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are...

6.5CVSS

6.6AI Score

0.005EPSS

2021-10-07 04:15 PM
12
prion

Design/Logic Flaw

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users....

7.8CVSS

7.5AI Score

0.0005EPSS

2021-10-07 04:15 PM
280
cvelist

CVE-2021-40439 Billion Laughs

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are...

7AI Score

0.005EPSS

2021-10-07 03:50 PM
cvelist

CVE-2021-28129 DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users....

7.8AI Score

0.0005EPSS

2021-10-07 03:50 PM
kaspersky

KLA12404 Multiple vulnerabilities in OpenOffice

Multiple vulnerabilities were found in OpenOffice. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: Buffer overflow vulnerability can be exploited via...

7.8CVSS

8.2AI Score

0.006EPSS

2021-10-06 12:00 AM
14
openvas

Fedora: Security Advisory for ckeditor (FEDORA-2021-51457da891)

The remote host is missing an update for...

7.6CVSS

6.2AI Score

0.005EPSS

2021-10-02 12:00 AM
5
openvas

Fedora: Security Advisory for ckeditor (FEDORA-2021-72176a63a8)

The remote host is missing an update for...

7.6CVSS

6.2AI Score

0.005EPSS

2021-10-02 12:00 AM
4
openvas

Fedora: Security Advisory for ckeditor (FEDORA-2021-87578dca12)

The remote host is missing an update for...

7.6CVSS

6.2AI Score

0.005EPSS

2021-10-02 12:00 AM
4
fedora

[SECURITY] Fedora 33 Update: ckeditor-4.16.2-1.fc33

CKEditor is a text editor to be used inside web pages. It's a WYSIWYG editor, which means that the text being edited on it looks as similar as possible to the results users have when publishing it. It brings to the web common editing features found on desktop editing applications like Microsoft...

7.6CVSS

6AI Score

0.005EPSS

2021-09-29 01:10 AM
23
fedora

[SECURITY] Fedora 34 Update: ckeditor-4.16.2-1.fc34

CKEditor is a text editor to be used inside web pages. It's a WYSIWYG editor, which means that the text being edited on it looks as similar as possible to the results users have when publishing it. It brings to the web common editing features found on desktop editing applications like Microsoft...

7.6CVSS

6AI Score

0.005EPSS

2021-09-29 01:10 AM
10
fedora

[SECURITY] Fedora 35 Update: ckeditor-4.16.2-1.fc35

CKEditor is a text editor to be used inside web pages. It's a WYSIWYG editor, which means that the text being edited on it looks as similar as possible to the results users have when publishing it. It brings to the web common editing features found on desktop editing applications like Microsoft...

7.6CVSS

6AI Score

0.005EPSS

2021-09-24 08:59 PM
11
cnvd

Apache OpenOffice-memory corruption vulnerability

Apache OpenOffice is an open source office software suite from the Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases, etc. A security vulnerability exists in Apache OpenOffice, which stems from a networked system or product that does not...

7.8CVSS

1.8AI Score

0.006EPSS

2021-09-24 12:00 AM
10
nvd

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS

0.006EPSS

2021-09-23 08:15 AM
debiancve

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS

7.6AI Score

0.006EPSS

2021-09-23 08:15 AM
22
cve

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS

7.7AI Score

0.006EPSS

2021-09-23 08:15 AM
56
osv

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS

7.3AI Score

0.006EPSS

2021-09-23 08:15 AM
5
prion

Design/Logic Flaw

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS

7.7AI Score

0.006EPSS

2021-09-23 08:15 AM
5
cvelist

CVE-2021-33035 Buffer overflow from a crafted DBF file

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

8AI Score

0.006EPSS

2021-09-23 08:10 AM
ubuntucve

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS

7.5AI Score

0.006EPSS

2021-09-23 12:00 AM
11
openvas

Fedora: Security Advisory for testdisk (FEDORA-2021-4dd269a76c)

The remote host is missing an update for...

7.5AI Score

2021-09-09 12:00 AM
3
openvas

Fedora: Security Advisory for testdisk (FEDORA-2021-38d1b07839)

The remote host is missing an update for...

7.5AI Score

2021-09-09 12:00 AM
2
fedora

[SECURITY] Fedora 35 Update: testdisk-7.1-7.fc35

Tool to check and undelete partition. Works with FAT12, FAT16, FAT32, NTFS, ext2, ext3, ext4, btrfs, BeFS, CramFS, HFS, JFS, Linux Raid, Linux Swap, LVM, LVM2, NSS, ReiserFS, UFS, XFS. PhotoRec is a signature based file recovery utility. It handles more than 440 file formats including JPG,...

6.9AI Score

2021-09-07 07:08 PM
28
fedora

[SECURITY] Fedora 33 Update: testdisk-7.1-7.fc33

Tool to check and undelete partition. Works with FAT12, FAT16, FAT32, NTFS, ext2, ext3, ext4, btrfs, BeFS, CramFS, HFS, JFS, Linux Raid, Linux Swap, LVM, LVM2, NSS, ReiserFS, UFS, XFS. PhotoRec is a signature based file recovery utility. It handles more than 440 file formats including JPG,...

6.9AI Score

2021-09-07 04:26 PM
8
openvas

Fedora: Security Advisory for testdisk (FEDORA-2021-c0235d9d79)

The remote host is missing an update for...

7.5AI Score

2021-09-05 12:00 AM
2
fedora

[SECURITY] Fedora 34 Update: testdisk-7.1-7.fc34

Tool to check and undelete partition. Works with FAT12, FAT16, FAT32, NTFS, ext2, ext3, ext4, btrfs, BeFS, CramFS, HFS, JFS, Linux Raid, Linux Swap, LVM, LVM2, NSS, ReiserFS, UFS, XFS. PhotoRec is a signature based file recovery utility. It handles more than 440 file formats including JPG,...

6.9AI Score

2021-09-04 07:32 PM
30
rosalinux

Advisory ROSA-SA-2021-1961

Software: redland 1.0.16; OS: Cobalt 7.9; CVE-ID: CVE-2012-0037; CVE-Crit: HIGH; CVE-DESC: Redland Raptor (also known as libraptor) before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user,....

6.5CVSS

6.4AI Score

0.004EPSS

2021-07-02 06:04 PM
13
wpexploit

Sign-up Sheets < 1.0.14 - Authenticated CSV Injection

The plugin does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection...

8CVSS

AI Score

0.001EPSS

2021-06-21 12:00 AM
119
wpvulndb

Sign-up Sheets < 1.0.14 - Authenticated CSV Injection

The plugin does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. PoC: Go to the Sign-up Sheets --> Add New. Enter the following CSV Injection payload in the fields "Title", "Details" and "Task", then click on the save button. =cmd|' /C....

8CVSS

0.8AI Score

0.001EPSS

2021-06-21 12:00 AM
17
kaspersky

KLA12405 ACE vulnerability in OpenOffice

Code execution vulnerability was found in OpenOffice. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2021-30245. Related products: OpenOffice.org. CVE list: CVE-2021-30245 (critical). Solution: Update to the latest version. Download OpenOffice. Impacts ...

8.8CVSS

9.6AI Score

0.011EPSS

2021-05-04 12:00 AM
18
freebsd

Apache OpenOffice -- multiple vulnerabilities.

The Apache Openoffice project reports: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A...

7.8CVSS

3.8AI Score

EPSS

2021-05-04 12:00 AM
9
nessus

FreeBSD : All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution. (e87c2647-a188-11eb-8806-1c1b0d9ea7e6)

The Apache OpenOffice project reports: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted...

8.8CVSS

-0.1AI Score

0.011EPSS

2021-04-20 12:00 AM
12
openvas

SUSE: Security Advisory (SUSE-SU-2015:1915-1)

The remote host is missing an update for...

9.7AI Score

0.07EPSS

2021-04-19 12:00 AM
3
Total number of security vulnerabilities: 1052