20 matches found
EUVD-2010-3259
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-12803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an...
Rocky Linux 8 : libreoffice (RLSA-2020:4628)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4628 advisory. - LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not th...
AlmaLinux 8 : libreoffice (ALSA-2020:4628)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4628 advisory. - LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the...
OPENSUSE-SU-2021:1897-1 Security update for libX11
This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign bsc1186643...
Security update for libX11 (important)
openSUSE Security Update: Security update for libX11; Announcement ID: openSUSE-SU-2021:1897-1; Rating: important; References: 1186643; Cross-References: CVE-2021-31535; CVSS scores: CVE-2021-31535 NVD: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVE-2021-31535 SUSE: 8.1...
openSUSE Security Update : libX11 (openSUSE-2021-857)
This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign bsc1186643 This update was imported from the SUSE:SLE-15:Update update project...
OPENSUSE-SU-2021:0857-1 Security update for libX11
This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign bsc1186643 This update was imported from the SUSE:SLE-15:Update update project...
Security update for libX11 (important)
openSUSE Security Update: Security update for libX11; Announcement ID: openSUSE-SU-2021:0857-1; Rating: important; References: 1186643; Cross-References: CVE-2021-31535; CVSS scores: CVE-2021-31535 SUSE: 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H; Affected Products: openSUSE Leap 15.2; An update...
SUSE-SU-2021:1892-1 Security update for libX11
This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign bsc1186643...
CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
KLA11804 XForms vulnerability in LibreOffice
An XForms vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to obtain sensitive information and bypass security restrictions. Original advisories: CVE-2020-12803. Related products: LibreOffice. CVE list: CVE-2020-12803 (warning). Solution: Update to the latest version. Downlo...
Deserialization of untrusted data
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
CVE-2020-12803
CVE-2020-12803 affects The Document Foundation LibreOffice prior to 6.4.4. ODF documents with forms could submit form data to a URI; earlier behavior allowed submissions to file: URIs, enabling potential overwrites of local files. The issue is mitigated by restricting submissions to http[s] URIs ...
CVE-2020-12803 XForms submissions could overwrite local files
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
LibreOffice Security Advisory
LibreOffice reports: Two flaws were found in LibreOffice: CVE-2020-12802: remote graphics contained in docx format retrieved in 'stealth mode' CVE-2020-12803: XForms submissions could overwrite local files...
CVE-2010-3260
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...
CVE-2010-3260
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...
CVE-2010-3260
CVE-2010-3260 affects Orbeon Forms (xforms-server) prior to version 3.9, where oxf/xml/xerces/XercesSAXParserFactoryImpl.java does not properly restrict DTDs in AJAX requests. This XML injection flaw allows remote attackers to read arbitrary files or trigger requests to intranet servers via an en...
OpenOffice < 2.4 Multiple Vulnerabilities