Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openoffice
(Apache)| Repositories | https://github.com/dajobe/raptor |
| #Vulnerabilities | 53 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-11 | CVE-2021-41831 | It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory. | Openoffice | 5.3 | ||
| 2021-10-11 | CVE-2021-41832 | It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory. | Openoffice | 7.5 | ||
| 2023-03-24 | CVE-2022-38745 | Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. | Openoffice | 7.8 | ||
| 2022-08-15 | CVE-2022-37400 | Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13.... | Openoffice | 8.8 | ||
| 2022-08-15 | CVE-2022-37401 | Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13.... | Openoffice | 8.8 | ||
| 2011-01-28 | CVE-2010-3453 | The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write. | Openoffice, Ubuntu_linux, Debian_linux | N/A | ||
| 2011-01-28 | CVE-2010-4253 | Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document. | Openoffice, Ubuntu_linux, Debian_linux | N/A | ||
| 2011-01-28 | CVE-2010-4643 | Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document. | Openoffice | N/A | ||
| 2012-08-06 | CVE-2012-2665 | Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. | Openoffice, Ubuntu_linux, Debian_linux, Libreoffice, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_server, Enterprise_linux_server_from_rhui_6, Enterprise_linux_workstation | N/A | ||
| 2010-02-16 | CVE-2009-2949 | Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. | Openoffice, Ubuntu_linux, Debian_linux | N/A |