159 matches found
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
MiracleLinux 8 : libreoffice-6.4.7.2-20.el8_10.ML.1 (AXSA:2026-1176:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-1176:01 advisory. LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents CVE-2026-4430 Tenable has extracted the preceding description block directly from the...
AlmaLinux 8 : libreoffice (ALSA-2026:28922)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28922 advisory. LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents CVE-2026-4430 Tenable has extracted the preceding description block directly from the...
RockyLinux 8 : libreoffice (RLSA-2026:28922)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28922 advisory. LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents CVE-2026-4430 Tenable has extracted the preceding description block directly from the...
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 8 : libreoffice (RHSA-2026:28922)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28922 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...
CVE-2026-46722
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
USN-8352-1: LibreOffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
XML External Entity (XXE) Injection
Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the OOXML parsing of the file indexer, external entity resolution is not disabled. A crafted XLSX or PPTX document...
CVE-2026-46722
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
Unity Linux 20.1060e / 20.1070e Security Update: clamav (UTSA-2026-017364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017364 advisory. A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an...
LibreOffice 25.8.x < 25.8.7 / 26.2.x < 26.2.3 Heap Buffer Overflow (CVE-2026-4430)
The version of LibreOffice installed on the remote host is prior to 25.8.7 or 26.2.3. It is, therefore, affected by a heap buffer overflow vulnerability: - An out-of-bounds write vulnerability exists in the AgileEngine component of LibreOffice. An attacker can exploit this by crafting a malicious...
[SECURITY] [DSA 6251-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6251-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 07, 2026 https://www.debian.org/security/faq -...
CVE-2026-4430
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...
Linux Distros Unpatched Vulnerability : CVE-2026-4430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue...
Security update for dovecot22
This update for dovecot22 fixes the following issues: CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. CVE-2026-27855: OTP drive...
SUSE SLES16 Security Update : dovecot24 (SUSE-SU-2026:21208-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21208-1 advisory. - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031:...
SUSE-SU-2026:21208-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...