
7830 matches found

OpenVAS
added 2025/01/08 12:00 a.m. · 12 views

LibreOffice Multiple Vulnerabilities (Jan 2025) - Windows

LibreOffice is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:libreoffice:libreoffice";...

CVSS: 6.7 · AI score: 5 · EPSS: 0.00528
Exploits: 0 · References: 2

RedhatCVE
added 2025/01/07 1:49 p.m. · 10 views

CVE-2024-12426

A flaw was found in LibreOffice. This issue may allow the exposure of environmental variables and arbitrary INI file values, leading to sensitive information disclosure via crafted URLs embedded in documents...

CVSS: 5 · AI score: 6.3 · EPSS: 0.00528
Exploits: 0 · References: 4

OSV
added 2025/01/07 1:15 p.m. · 13 views

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00528
Exploits: 0 · References: 2

NVD
added 2025/01/07 1:15 p.m. · 10 views

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS: 6.7 · EPSS: 0.00528
Exploits: 0 · References: 2

OSV
added 2025/01/07 1:15 p.m. · 1 view

DEBIAN-CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS: 6.5 · AI score: 6 · EPSS: 0.00528
Exploits: 0 · References: 1

OSV
added 2025/01/07 1:15 p.m. · 0 views

UBUNTU-CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS: 6.7 · AI score: 5.9 · EPSS: 0.00528
Exploits: 0 · References: 4

Debian CVE
added 2025/01/07 12:22 p.m. · 8 views

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS: 6.7 · AI score: 6 · EPSS: 0.00528
Exploits: 0

CVE
added 2025/01/07 12:22 p.m. · 157 views

CVE-2024-12426

CVE-2024-12426 concerns LibreOffice up to version 24.8.3 (impacted) with an exposure vulnerability where URLs could cause environmental variables and arbitrary INI file values to be exfiltrated to a remote server when opening certain documents. Affected component/issue: exporting sensitive enviro...

CVSS: 6.7 · AI score: 6.3 · EPSS: 0.00528
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/01/07 12:00 a.m. · 3 views

PT-2025-3825 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.2 through 17.6.4; GitLab CE/EE versions 17.7 through 17.7.3; GitLab CE/EE versions 17.8 through 17.8.1. Description: An issue has been discovered in GitLab CE/EE, where improper rendering of certain file types leads to...

CVSS: 8.7 · AI score: 5.7 · EPSS: 0.00365
Exploits: 0 · References: 31

CNNVD
added 2025/01/07 12:00 a.m. · 4 views

LibreOffice Information Disclosure Vulnerability

LibreOffice is an open source office software suite from The Document Foundation. An information disclosure vulnerability exists in LibreOffice versions prior to 24.8 through 24.8.4, which stems from improper exposure of environment variables and INI file values, which could result in sensitive...

CVSS: 6.7 · AI score: 4.9 · EPSS: 0.00528
Exploits: 0 · References: 3

Snyk
added 2025/01/01 6:26 a.m. · 6 views

Race Condition

Overview: amici is an Advanced multi-language Interface to CVODES and IDAS. Affected versions of this package are vulnerable to Race Condition due to the use of shared static variables in multi-threaded contexts. Exploiting this vulnerability is possible by triggering concurrent executions, leading...

CVSS: 8.3 · AI score: 7.1
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/01 12:00 a.m. · 4 views

PT-2026-2899

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A missing NULL pointer check exists in the drm/msm/dpu module, specifically related to the pingpong interface. The check is generally present in dpu_encoder_phys_wb_setup_ctl, but is...

CVSS: 5.5 · AI score: 5.4 · EPSS: 0.00116
Exploits: 0

Positive Technologies
added 2025/01/01 12:00 a.m. · 5 views

PT-2025-35349

Name of the Vulnerable Software and Affected Versions: qemu (affected versions not specified). Description: The vulnerability involves an information disclosure issue in QEMU. A heap buffer is allocated without being zeroed, potentially exposing residual data from prior allocations. This data can be...

CVSS: 3.3 · AI score: 5.6 · EPSS: 0.00147
Exploits: 0 · References: 10

SUSE CVE
added 2024/12/29 3:48 a.m. · 2 views

SUSE CVE-2024-56676

In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free(). Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed ...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00218
Exploits: 0 · References: 3

NVD
added 2024/12/28 10:15 a.m. · 8 views

CVE-2024-56676

In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free(). Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed ...

CVSS: 5.5 · EPSS: 0.00218
Exploits: 0 · References: 2

Cvelist
added 2024/12/28 9:46 a.m. · 12 views

CVE-2024-56676 thermal: testing: Initialize some variables annoteded with _free()

In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free(). Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed ...

EPSS: 0.00218
Exploits: 0 · References: 2

OSV
added 2024/12/28 9:46 a.m. · 3 views

CVE-2024-56676 thermal: testing: Initialize some variables annoteded with _free()

In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free(). Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed ...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00218
Exploits: 0 · References: 5

BDU FSTEC
added 2024/12/20 12:00 a.m. · 5 views

The vulnerability of the Remote Function Call interface in the SAP NetWeaver AS ABAP software integration platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Remote Function Call interface in the SAP NetWeaver AS ABAP software integration platform is related to insufficient control over dynamically defined variables. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protect...

CVSS: 8.5 · AI score: 5.5 · EPSS: 0.00594
Exploits: 0 · References: 4 · Affected Software: 1

SUSE CVE
added 2024/12/19 3:49 a.m. · 2 views

SUSE CVE-2024-55660

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.0059
Exploits: 0 · References: 3

CNNVD
added 2024/12/19 12:00 a.m. · 1 view

logback Security Vulnerability

logback is a reliable, general-purpose, fast and flexible Java logging framework open-sourced by QOS.CH. A security vulnerability exists in logback version 1.5.12. An attacker exploiting this vulnerability could execute arbitrary code by corrupting an existing logback configuration file or...

CVSS: 5.9 · AI score: 7.2 · EPSS: 0.00404
Exploits: 0 · References: 6