Lucene search
+L

310 matches found

cvelist
cvelist
added 2022/08/13 6:40 a.m.32 views

CVE-2022-37401 Apache OpenOffice Weak Master Keys

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from...

8.7AI score0.01419EPSS
Exploits0References2
cvelist
cvelist
added 2022/08/13 6:40 a.m.30 views

CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

8.1AI score0.0082EPSS
Exploits0References2
cve
cve
added 2022/08/13 6:40 a.m.94 views

CVE-2022-37400

CVE-2022-37400 affects Apache OpenOffice and LibreOffice: a flaw where the initialization vector for encrypting stored web-connection passwords is always the same, weakening encryption if an attacker gains access to the user’s configuration data. The issue impacts Apache OpenOffice

8.8CVSS8AI score0.0082EPSS
Exploits0References2Affected Software1
freebsd
freebsd
added 2022/02/25 12:0 a.m.37 views

Apache OpenOffice -- master password vulnerabilities

The Apache Openoffice project reports: Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization...

8.8CVSS3.4AI score0.01419EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2021/12/20 12:0 a.m.5 views

The vulnerability of the Apache OpenOffice office software, related to errors during the verification of signed documents, allows a perpetrator to influence the integrity of information.

The vulnerability of the Apache OpenOffice office software is related to errors during the verification of signed documents. Exploiting this vulnerability can allow an attacker to influence the integrity of information...

5.3CVSS6.2AI score0.01454EPSS
Exploits0References6Affected Software2
bdu_fstec
bdu_fstec
added 2021/11/16 12:0 a.m.10 views

The vulnerability of the Apache OpenOffice office software, related to errors in checking the cryptographic signature, allows a perpetrator to manipulate signed documents.

The vulnerability of the Apache OpenOffice office software is related to errors during the verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to manipulate signed documents remotely...

7.8CVSS7.4AI score0.01346EPSS
Exploits0References4Affected Software1
cnvd
cnvd
added 2021/11/01 12:0 a.m.18 views

Apache OpenOffice Data Forgery Issue Vulnerability (CNVD-2021-84241)

Apache OpenOffice is the United States Apache Apache Foundation's an open source office software suite . The suite contains text documents, spreadsheets, presentations, drawings, databases, and more. Versions of Apache OpenOffice prior to 4.1.10 are vulnerable to data forgery issues, which can be...

5CVSS3.6AI score0.01454EPSS
Exploits0Affected Software1
cnvd
cnvd
added 2021/11/01 12:0 a.m.26 views

Apache OpenOffice Data Forgery Problem Vulnerability (CNVD-2021-84242)

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. Versions of Apache OpenOffice prior to 4.1.10 contain a data forgery issue vulnerability that can be...

7.5CVSS7.4AI score0.013EPSS
Exploits0References1
nessus
nessus
added 2021/10/15 12:0 a.m.102 views

Apache OpenOffice < 4.1.10 Arbitrary Code Execution

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.10. It is, therefore, affected by an arbitrary code execution vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to download and open a specially crafted document which...

8.8CVSS9AI score0.04942EPSS
Exploits0References3
nessus
nessus
added 2021/10/15 12:0 a.m.96 views

Apache OpenOffice < 4.1.11 Multiple Vulnerabilities

he version of Apache OpenOffice installed on the remote host is a version prior to 4.1.11. It is, therefore, affected by multiple vulnerabilities : - Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a 'Billion Laughs' entity expansion...

7.8CVSS8AI score0.50563EPSS
Exploits1References13
cnvd
cnvd
added 2021/10/13 12:0 a.m.25 views

Apache OpenOffice Data Forgery Issue Vulnerability

Apache OpenOffice is an open source office software suite from the Apache Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases, etc. Apache OpenOffice is vulnerable to a data forgery issue in versions prior to 4.1.10, which stems from a networked...

7.5CVSS2.4AI score0.01346EPSS
Exploits0References1
cnvd
cnvd
added 2021/10/13 12:0 a.m.63 views

Apache OpenOffice Access Control Error Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An Access Control Error vulnerability exists in Apache OpenOffice version 4.1.8, which stems from th...

7.8CVSS7.5AI score0.00545EPSS
Exploits0References1
nvd
nvd
added 2021/10/11 8:15 a.m.27 views

CVE-2021-41832

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory...

7.5CVSS0.013EPSS
Exploits0References2
nvd
nvd
added 2021/10/11 8:15 a.m.19 views

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...

7.5CVSS0.01346EPSS
Exploits0References2
nvd
nvd
added 2021/10/11 8:15 a.m.20 views

CVE-2021-41831

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory...

5.3CVSS0.01454EPSS
Exploits0References2
prion
prion
added 2021/10/11 8:15 a.m.21 views

Code injection

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory...

5CVSS7.3AI score0.013EPSS
Exploits0References2Affected Software1
prion
prion
added 2021/10/11 8:15 a.m.20 views

Code injection

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...

5CVSS7.3AI score0.01346EPSS
Exploits0References2Affected Software1
prion
prion
added 2021/10/11 8:15 a.m.23 views

Code injection

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory...

5CVSS6.1AI score0.01454EPSS
Exploits0References2Affected Software1
cve
cve
added 2021/10/11 8:10 a.m.89 views

CVE-2021-41832

CVE-2021-41832 concerns Apache OpenOffice data forgery via signature manipulation. The issue allows an attacker to cause a document to appear signed by a trusted source, affecting all OpenOffice versions up to 4.1.10. The advised remediation is to upgrade to OpenOffice 4.1.11. While several relat...

7.5CVSS6.6AI score0.013EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/10/11 8:10 a.m.26 views

CVE-2021-41832 Content Manipulation with Certificate Validation Attack

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory...

7.5AI score0.013EPSS
Exploits0References2
Rows per page
Query Builder