The vulnerability of the DOCX import function in the Polarion ALM software for application lifecycle management allows a hacker to read arbitrary files.

The vulnerability of the DOCX import function in the Polarion ALM application lifecycle management software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...

CVE-2024-51445

A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...

CVE-2024-51445

A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...

CVE-2024-51445

A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...

Siemens Polarion 代码问题漏洞

Siemens Polarion is a suite of application lifecycle management software from Siemens, Germany. The software supports end-to-end enterprise application development on a unified, modular, browser-based software environment. A code issue vulnerability exists in Siemens Polarion that stems from an X...

PT-2025-20845 · Siemens · Polarion

Name of the Vulnerable Software and Affected Versions: Polarion V2310 All versions Polarion V2404 versions prior to V2404.4 Description: A vulnerability has been identified in the affected application, which contains a XML External Entity Injection XXE vulnerability in the docx import feature. Th...

Security update for libreoffice (moderate)

This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed: - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...

openSUSE Security Update : libreoffice (openSUSE-2018-467)

This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues : Security issues fixed : - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...

SUSE SLED12 Security Update : libreoffice (SUSE-SU-2018:1296-1)

This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed : - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...

SUSE-SU-2018:1296-1 Security update for libreoffice

This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed: - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...

Fedora 21 : libreoffice-4.3.7.2-3.fc21 (2015-7022)

Fix some .docx import crashes. And finally fix the re-render of checked-unchecked checkbox transition update to 4.3.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and forma...

openSUSE Security Update : LibreOffice (openSUSE-SU-2012:1523-1)

LibreOffice was updated to 3.5.4.13 to fix various bugs and security issues : - NULL pointer dereference bnc778669, CVE-2012-4233 - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix bnc734733 - update to suse-3.5.4.13 SUSE 3.5 bugf...

openSUSE Security Update : libreoffice (openSUSE-SU-2012:1686-1)

LibreOffice was updated to 3.5.4.13 3.5.6rc2 based, fixing a security issue and lots of bugs : - NULL pointer dereference bnc778669, CVE-2012-4233 - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix bnc734733 - update to...

SuSE 11.2 Security Update : LibreOffice (SAT Patch Number 6804)

LibreOffice was updated to SUSE 3.5 bugfix release 13 based on upstream 3.5.6-rc2 which fixes a lot of bugs. The following bugs have been fixed : - polygon fill rule. bnc759172 - open XML in Writer. bnc777181 - undo in text objects fdo36138 - broken numbering level. bnc760019 - better MathML...

SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)

LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update. The update fixes the following security issues : - 740453: Vulnerability in RDF handling. CVE-2012-0037 - 752595: overflow in jpeg handling. CVE-2012-1149 - 736146: buffer overflow in the build in icu copy 736146...