Lucene search
K

72 matches found

OSV
OSV
added 2025/03/21 3:15 p.m.6 views

CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...

5.5CVSS6.8AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2023/04/25 12:15 p.m.27 views

CVE-2023-26098

An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...

8.2CVSS8.4AI score0.00213EPSS
Exploits0References3
OSV
OSV
added 2023/04/25 12:15 p.m.7 views

CVE-2023-26098

An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...

7.8CVSS6AI score0.00213EPSS
Exploits0References3
Prion
Prion
added 2023/04/25 12:15 p.m.19 views

Design/Logic Flaw

An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...

4.3CVSS7.8AI score0.00213EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/04/25 12:0 a.m.43 views

CVE-2023-26098

The CVE-2023-26098 issue affects Telindus Apsal, Open Document feature, version 3.14.2022.235 b. A crafted file upload can lead to arbitrary code execution. Exploitation context is not detailed beyond the upload vector; local attack vector with low privileges is implied by CVSS. Remediation guida...

8.2CVSS7.8AI score0.00213EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.8 views

PT-2023-20485 · Telindus · Telindus Apsal

Name of the Vulnerable Software and Affected Versions: Telindus Apsal version 3.14.2022.235 b Description: An issue was discovered in the Open Document feature, allowing an attacker to upload a crafted file and execute arbitrary code. Recommendations: For Telindus Apsal version 3.14.2022.235 b,...

8.2CVSS7.8AI score0.00213EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.31 views

CVE-2023-26098

An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...

8.2CVSS8.6AI score0.00213EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.5 views

SUSE CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

5.3CVSS8.4AI score0.01578EPSS
Exploits0References4
OSV
OSV
added 2022/08/10 8:15 p.m.4 views

CVE-2022-32245

SAP BusinessObjects Business Intelligence Platform Open Document - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the...

8.2CVSS7.3AI score0.00442EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/10 8:15 p.m.2 views

CVE-2022-32245

SAP BusinessObjects Business Intelligence Platform Open Document - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the...

8.2CVSS5.4AI score0.00442EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/09 8:13 p.m.30 views

CVE-2022-32245

SAP BusinessObjects Business Intelligence Platform Open Document - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the...

8.3AI score0.00442EPSS
Exploits0References2
CVE
CVE
added 2022/08/09 8:13 p.m.78 views

CVE-2022-32245

CVE-2022-32245 affects SAP BusinessObjects Business Intelligence Platform (Open Document) versions 4.2.0x and 4.3.x (420–430). The root cause is an information-disclosure vulnerability that allows an unauthenticated attacker to retrieve plaintext data over the network, enabling viewing any data f...

8.2CVSS8AI score0.00442EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/11/22 12:0 a.m.6 views

Open-xchange OX App Suite 路径遍历漏洞

Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A directory traversal vulnerability exists in Open-xchange OX App Suite, which can be exploited by...

6.5CVSS5.6AI score0.02435EPSS
Exploits3References5
BDU FSTEC
BDU FSTEC
added 2021/10/15 12:0 a.m.7 views

The vulnerability of the Apache OpenOffice office software, related to errors in checking the cryptographic signature, allows a hacker to modify the content of ODF documents.

The vulnerability of the Apache office software package is related to errors in checking the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to modify the content of ODF documents remotely...

7.8CVSS7.4AI score0.013EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/10/12 2:15 p.m.4 views

DEBIAN-CVE-2021-25634

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

7.5CVSS6.7AI score0.00685EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.4 views

LibreOffice 数据伪造问题漏洞

LibreOffice is an open source office software suite from The Document Foundation. LibreOffice suffers from a Data Forgery Problem vulnerability that stems from the application not properly checking the digital signatures of ODF documents. An attacker could use the vulnerability to change the...

5.5CVSS7.5AI score0.00135EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/04/26 12:0 a.m.4 views

jamovi 跨站脚本漏洞

jamovi is jamovi open source a free and open statistics platform. Jamovi has a cross-site scripting vulnerability in version 1.6.18 and earlier. In ElectronJS framework , the listing is vulnerable to XSS attacks. An attacker can exploit the vulnerability to craft a .omv document containing a...

6.1CVSS5.2AI score0.0123EPSS
Exploits2References3
OSV
OSV
added 2021/02/10 10:15 p.m.5 views

CVE-2020-27250

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014, a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-base...

7.8CVSS7.4AI score0.00949EPSS
Exploits1References1
OSV
OSV
added 2021/02/04 7:15 a.m.5 views

CVE-2020-27248

A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can...

7.8CVSS7.5AI score0.01249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/11/03 11:0 p.m.3 views

CVE-2020-24432

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...

7.8CVSS8AI score0.10648EPSS
Exploits0References2
Rows per page
Query Builder