118 matches found
Important: Red Hat Security Advisory: libreoffice security fix update
An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
libreoffice: Insufficient macro permission validation leading to macro execution
An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...
libreoffice: Insufficient macro permission validation leading to macro execution
An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...
Important: Red Hat Security Advisory: libreoffice security fix update
An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a...
ALSA-2024:1514 Important: libreoffice security fix update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
Important: libreoffice security fix update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
libreoffice: Insufficient macro permission validation leading to macro execution
An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...
libreoffice: Insufficient macro permission validation leading to macro execution
An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...
CSV Injection
Active Admin is vulnerable to CSV Injection. This vulnerability is due to missing sanitization while exporting a CSV file. An attacker can inject malicious data to a CSV file such as =, +, -', @, \t, \r which results in arbitrary macro execution if the csv file is opened in software such as excel...
Improper Preservation Of Permissions
libreoffice is vulnerable to Improper Preservation of Permissions. The vulnerability is due to there is no macro permission validation for The Document Foundation in LibreOffice. This allows an attacker to execute built-in macros without warning the user...
Design/Logic Flaw
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
Privilege escalation
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
CVE-2023-26056 XWiki Platform allows macro execution as any user without programming rights through the context macro
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...
CVE-2023-26056 XWiki Platform allows macro execution as any user without programming rights through the context macro
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...
SUSE CVE-2018-16858
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script i...
libreoffice: Macro URL arbitrary script execution
A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...
libreoffice: Macro URL arbitrary script execution
A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...
PT-2022-6496 · Apache · Apache Openoffice +1
Name of the Vulnerable Software and Affected Versions: Apache OpenOffice affected versions not specified Description: The issue is related to the execution of links in Apache OpenOffice documents that can call internal macros with arbitrary arguments. Several URI Schemes are defined for this...
USN-5694-1 libreoffice vulnerabilities
It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. CVE-2022-3140 Thomas Florian discovered that LibreOffice incorrectly...
SUSE SLED15 / SLES15 Security Update : libreoffice (SUSE-SU-2022:3650-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3650-1 advisory. - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was...