72 matches found
CVE-2021-25635
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
CVE-2023-26098
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...
CVE-2023-26098
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...
Design/Logic Flaw
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...
CVE-2023-26098
The CVE-2023-26098 issue affects Telindus Apsal, Open Document feature, version 3.14.2022.235 b. A crafted file upload can lead to arbitrary code execution. Exploitation context is not detailed beyond the upload vector; local attack vector with low privileges is implied by CVSS. Remediation guida...
PT-2023-20485 · Telindus · Telindus Apsal
Name of the Vulnerable Software and Affected Versions: Telindus Apsal version 3.14.2022.235 b Description: An issue was discovered in the Open Document feature, allowing an attacker to upload a crafted file and execute arbitrary code. Recommendations: For Telindus Apsal version 3.14.2022.235 b,...
CVE-2023-26098
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code...
SUSE CVE-2018-5114
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...
CVE-2022-32245
SAP BusinessObjects Business Intelligence Platform Open Document - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the...
CVE-2022-32245
SAP BusinessObjects Business Intelligence Platform Open Document - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the...
CVE-2022-32245
SAP BusinessObjects Business Intelligence Platform Open Document - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the...
CVE-2022-32245
CVE-2022-32245 affects SAP BusinessObjects Business Intelligence Platform (Open Document) versions 4.2.0x and 4.3.x (420–430). The root cause is an information-disclosure vulnerability that allows an unauthenticated attacker to retrieve plaintext data over the network, enabling viewing any data f...
Open-xchange OX App Suite 路径遍历漏洞
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A directory traversal vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
The vulnerability of the Apache OpenOffice office software, related to errors in checking the cryptographic signature, allows a hacker to modify the content of ODF documents.
The vulnerability of the Apache office software package is related to errors in checking the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to modify the content of ODF documents remotely...
DEBIAN-CVE-2021-25634
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...
LibreOffice 数据伪造问题漏洞
LibreOffice is an open source office software suite from The Document Foundation. LibreOffice suffers from a Data Forgery Problem vulnerability that stems from the application not properly checking the digital signatures of ODF documents. An attacker could use the vulnerability to change the...
jamovi 跨站脚本漏洞
jamovi is jamovi open source a free and open statistics platform. Jamovi has a cross-site scripting vulnerability in version 1.6.18 and earlier. In ElectronJS framework , the listing is vulnerable to XSS attacks. An attacker can exploit the vulnerability to craft a .omv document containing a...
CVE-2020-27250
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014, a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-base...
CVE-2020-27248
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can...
CVE-2020-24432
Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...