121 matches found
CVE-2024-7788 Signatures in "repair mode" should not be trusted
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before 24.2.5...
RHEL 7 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: heap-based buffer overflow related to the ReadJPEG function CVE-2017-8358 - LibreOffice befo...
RHEL 9 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 - Apache OpenOffice versions...
CVE-2023-36268
Rejected reason: DoS issues, or unexploitable crashes, are out of scope for vulnerabilities...
CVE-2023-36268
Rejected reason: DoS issues, or unexploitable crashes, are out of scope for vulnerabilities...
CVE-2023-36268
Rejected reason: DoS issues, or unexploitable crashes, are out of scope for vulnerabilities...
CVE-2023-36268
...
CVE-2023-36268
...
Oracle Linux 8 : libreoffice (ELSA-2024-1514)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1514 advisory. - Fix CVE-2023-6185 escape url passed to gstreamer Tenable has extracted the preceding description block directly from the Oracle Linux security...
Rocky Linux 8 : libreoffice (RLSA-2024:1514)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1514 advisory. - Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...
Improper Preservation Of Permissions
libreoffice is vulnerable to Improper Preservation of Permissions. The vulnerability is due to there is no macro permission validation for The Document Foundation in LibreOffice. This allows an attacker to execute built-in macros without warning the user...
LibreOffice Input Validation Error Vulnerability (CNVD-2023-9963392)
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. An input validation error vulnerability exists in LibreOffice that stems from the presence of incorre...
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6186
CVE-2023-6186 affects LibreOffice. The vulnerability arises from insufficient macro permission validation, enabling certain built-in macros or internal commands to be executed when a user activates hyperlinks that target macros, without explicit user permission. Connected documents corroborate th...
CVE-2023-6186 Link targets allow arbitrary script execution
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6185 Improper input validation enabling arbitrary Gstreamer pipeline injection
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
CVE-2023-6185
CVE-2023-6185 is an Improper Input Validation vulnerability in the GStreamer integration of LibreOffice that may allow an attacker to execute arbitrary GStreamer plugins by not escaping the embedded video filename passed to GStreamer. The issue affects LibreOffice and is discussed in multiple adv...