PT-2021-2276 · Microsoft · Office Excel +1
Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: The issue is related to incorrect code generation management in Microsoft Excel. It allows a remote attacker to execute arbitrary code. The vulnerability can be exploited through th...
PT-2021-3013 · Microsoft · Office Web Apps +1
Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: The issue is related to incorrect code generation management during the syntactic analysis of XLS files in Microsoft Office and Microsoft Office Web Apps. This can be exploited by ...
CVE-2020-27819
An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file...
Null pointer dereference
An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file...
RUSTSEC-2021-0034 office is unmaintained, use calamine instead
The office crate is unmaintained. Use calamine for reading Excel files. Contact the office author for ownership of the package name...
GHSA-523C-XH4G-MH5M Denial of Service in Apache POI
Apache POI versions prior to release 3.17 are vulnerable to Denial of Service attacks: infinite loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294); out-of-memory exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...
[SECURITY] Fedora 32 Update: libxls-1.5.3-3.fc32
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
[SECURITY] Fedora 33 Update: libxls-1.6.1-2.fc33
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
CVE-2020-4302
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID:...
8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign
Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware – making use of the hardcoded, VelvetSweatshop default password for encrypted files. LimeRAT is a full-featured remote access tool/backdoor that can allow attackers to access an infected system and install a...
GLSA-202003-64 : libxls: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-64 (libxls: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in libxls. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to process a...
Aspose Aspose.Cells Code Execution Vulnerability
Aspose Aspose.Cells is an Excel spreadsheet programming API (Application Programming Interface) from Aspose Australia. A code execution vulnerability exists in Aspose Aspose.Cells version 19.1.0, which can be exploited to execute code via specially crafted XLS files...
Sql injection
AxiomSL's Axiom Java applet module used for editing uploaded Excel files and associated Java RMI services 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of...
Denial of service vulnerability in libxls (CNVD-2019-01502)
libxls is a C library for reading Excel xls files. A denial of service vulnerability exists in libxls, which can be exploited by an attacker to cause a denial of service...
November 2, 2017—KB4052231 (OS Build 14393.1797)
November 2, 2017—KB4052231 (OS Build 14393.1797). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where applications based on the Microsoft JET Database Engine Microsoft Acces...
Debian DSA-4173-1 : r-cran-readxl - security update
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files via the integrated libxls library, which could result in the execution of arbitrary code if a malformed spreadsheet is processed. C Tenable Network Security, Inc. The descriptive text and package checks...
Memory Corruption Vulnerability in SoftZone Office Forms Easy Module Handling xls Files
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory corruption vulnerability exists in the SoftZone Office Forms Easy module PlanMaker.exe when processing xls files. An attacker can...
MGASA-2018-0183 Updated exempi package fixes security vulnerabilities
CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow. CVE-2018-7730: Specially crafted Excel files could have been used to cause a denial of service via a heap-based buffer overflow...
libxls 'xls_appendSST' function integer overflow vulnerability
libxls is a C library for reading Excel xls files. An integer overflow vulnerability exists in the 'xls_appendSST' function in libxls version 1.4. A remote attacker can exploit this vulnerability to execute code (memory corruption) with the help of specially crafted XLS files...
Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks
Researchers have identified seven vulnerabilities in the LibXL C library, used to read Excel files. Each of the vulnerabilities is rated 8.8 in severity on the Common Vulnerability Scoring System scale. Attackers could exploit each of the vulnerabilities and perform remote code execution attacks...