310 matches found
CVE-2022-37401 Apache OpenOffice Weak Master Keys
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from...
CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...
CVE-2022-37400
CVE-2022-37400 affects Apache OpenOffice and LibreOffice: a flaw where the initialization vector for encrypting stored web-connection passwords is always the same, weakening encryption if an attacker gains access to the user’s configuration data. The issue impacts Apache OpenOffice
Apache OpenOffice -- master password vulnerabilities
The Apache Openoffice project reports: Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization...
The vulnerability of the Apache OpenOffice office software, related to errors during the verification of signed documents, allows a perpetrator to influence the integrity of information.
The vulnerability of the Apache OpenOffice office software is related to errors during the verification of signed documents. Exploiting this vulnerability can allow an attacker to influence the integrity of information...
The vulnerability of the Apache OpenOffice office software, related to errors in checking the cryptographic signature, allows a perpetrator to manipulate signed documents.
The vulnerability of the Apache OpenOffice office software is related to errors during the verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to manipulate signed documents remotely...
Apache OpenOffice Data Forgery Issue Vulnerability (CNVD-2021-84241)
Apache OpenOffice is the United States Apache Apache Foundation's an open source office software suite . The suite contains text documents, spreadsheets, presentations, drawings, databases, and more. Versions of Apache OpenOffice prior to 4.1.10 are vulnerable to data forgery issues, which can be...
Apache OpenOffice Data Forgery Problem Vulnerability (CNVD-2021-84242)
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. Versions of Apache OpenOffice prior to 4.1.10 contain a data forgery issue vulnerability that can be...
Apache OpenOffice < 4.1.10 Arbitrary Code Execution
The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.10. It is, therefore, affected by an arbitrary code execution vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to download and open a specially crafted document which...
Apache OpenOffice < 4.1.11 Multiple Vulnerabilities
he version of Apache OpenOffice installed on the remote host is a version prior to 4.1.11. It is, therefore, affected by multiple vulnerabilities : - Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a 'Billion Laughs' entity expansion...
Apache OpenOffice Data Forgery Issue Vulnerability
Apache OpenOffice is an open source office software suite from the Apache Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases, etc. Apache OpenOffice is vulnerable to a data forgery issue in versions prior to 4.1.10, which stems from a networked...
Apache OpenOffice Access Control Error Vulnerability
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An Access Control Error vulnerability exists in Apache OpenOffice version 4.1.8, which stems from th...
CVE-2021-41832
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory...
CVE-2021-41830
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...
CVE-2021-41831
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory...
Code injection
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory...
Code injection
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...
Code injection
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory...
CVE-2021-41832
CVE-2021-41832 concerns Apache OpenOffice data forgery via signature manipulation. The issue allows an attacker to cause a document to appear signed by a trusted source, affecting all OpenOffice versions up to 4.1.10. The advised remediation is to upgrade to OpenOffice 4.1.11. While several relat...
CVE-2021-41832 Content Manipulation with Certificate Validation Attack
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory...