The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OpenOffice

computer vulnerability announce CVE-2018-1000005 CVE-2018-1000007

curl: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libcurl.
Impacted products: OpenOffice, curl, Debian, Fedora, Rational ClearCase, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/01/2018.
Identifiers: 2014495, bulletinapr2018, CVE-2018-1000005, CVE-2018-1000007, DLA-1263-1, DSA-4098-1, FEDORA-2018-241a5a2409, FEDORA-2018-85655b12b6, JSA10874, openSUSE-SU-2018:0236-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-024-01, USN-3554-1, USN-3554-2, VIGILANCE-VUL-25147.

Description of the vulnerability

An attacker can use several vulnerabilities of libcurl.

vulnerability note CVE-2017-8816 CVE-2017-8817 CVE-2017-8818

curl: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of curl.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Shibboleth SP, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/11/2017.
Identifiers: bulletinapr2018, bulletinoct2018, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, DLA-1195-1, DSA-4051-1, FEDORA-2017-0c062324cd, FEDORA-2017-45bdf4dace, HT208465, HT208692, JSA10874, openSUSE-SU-2018:0161-1, RHSA-2018:3558-01, STORM-2019-002, USN-3498-1, USN-3498-2, VIGILANCE-VUL-24564.

Description of the vulnerability

An attacker can use several vulnerabilities of curl.

computer vulnerability bulletin CVE-2017-12607 CVE-2017-12608 CVE-2017-9806

Apache OpenOffice: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache OpenOffice.
Impacted products: OpenOffice, Debian, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/10/2017.
Revision date: 27/10/2017.
Identifiers: CERTFR-2017-AVI-380, CVE-2017-12607, CVE-2017-12608, CVE-2017-9806, DLA-1214-1, DSA-4022-1, TALOS-2017-0295, TALOS-2017-0300, TALOS-2017-0301, USN-3472-1, VIGILANCE-VUL-24188.

Description of the vulnerability

An attacker can use several vulnerabilities of Apache OpenOffice.

computer vulnerability note CVE-2017-1000257

curl: out-of-bounds memory reading via IMAP FETCH Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via IMAP FETCH Response of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: OpenOffice, curl, Debian, Fedora, QRadar SIEM, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 23/10/2017.
Identifiers: 2011740, bulletinapr2018, CVE-2017-1000257, DLA-1143-1, DSA-4007-1, FEDORA-2017-ebf32659bf, JSA10874, K-511316, openSUSE-SU-2017:2880-1, RHSA-2017:3263-01, RHSA-2018:3558-01, SSA:2017-297-01, USN-3457-1, VIGILANCE-VUL-24199.

Description of the vulnerability

An attacker can force a read at an invalid address via IMAP FETCH Response of curl, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability bulletin CVE-2017-1000254

curl: out-of-bounds memory reading via FTP PWD

Synthesis of the vulnerability

An attacker can force a read at an invalid address via FTP PWD of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 04/10/2017.
Identifiers: 2011879, bulletinapr2018, CVE-2017-1000254, DLA-1121-1, DSA-3992-1, FEDORA-2017-601b4c20a4, HT208331, HT208394, JSA10874, K-511316, openSUSE-SU-2017:2880-1, RHSA-2018:3558-01, SSA:2017-279-01, STORM-2019-002, USN-3441-1, USN-3441-2, VIGILANCE-VUL-24018.

Description of the vulnerability

An attacker can force a read at an invalid address via FTP PWD of curl, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability alert CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101

curl: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of curl.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, Fedora, Android OS, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/08/2017.
Identifiers: 2011879, bulletinapr2018, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, DLA-1062-1, DSA-3992-1, FEDORA-2017-f1ffd18079, FEDORA-2017-f2df9d7772, HT208221, JSA10874, K-511316, openSUSE-SU-2017:2205-1, RHSA-2018:3558-01, SSA:2017-221-01, STORM-2019-002, USN-3441-1, USN-3441-2, VIGILANCE-VUL-23481.

Description of the vulnerability

Several vulnerabilities were announced in curl.

An attacker can force a read at an invalid address via Globbing, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-1000101]

An attacker can generate a buffer overflow via TFTP, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-1000100]

An attacker can force a read at an invalid address via FILE, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-1000099]

computer vulnerability announce CVE-2017-9502

curl on MS-Windows: buffer overflow via a URL of scheme file

Synthesis of the vulnerability

An attacker can generate a buffer overflow via a URL of scheme file in curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenOffice, curl, Juniper EX-Series, Junos OS, SRX-Series.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 14/06/2017.
Identifiers: CVE-2017-9502, JSA10874, VIGILANCE-VUL-22977.

Description of the vulnerability

An attacker can generate a buffer overflow via a URL of scheme file in curl, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2017-7468

libcurl: TLS session resume even if the certificate changed

Synthesis of the vulnerability

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to authentication with an incorrect identity.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, pfSense, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user account.
Creation date: 19/04/2017.
Identifiers: APPLE-SA-2017-07-19-2, CVE-2017-7468, HT207922, STORM-2019-002, USN-3262-1, VIGILANCE-VUL-22500.

Description of the vulnerability

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to authentication with an incorrect identity.

computer vulnerability announce CVE-2017-7407

curl: information disclosure via --write-out

Synthesis of the vulnerability

A local attacker can read a memory fragment via --write-out of curl, in order to obtain sensitive information.
Impacted products: OpenOffice, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: physical access.
Creation date: 04/04/2017.
Identifiers: bulletinjul2018, cpuoct2018, CVE-2017-7407, DLA-883-1, FEDORA-2017-b38b98727e, JSA10874, openSUSE-SU-2017:1105-1, RHSA-2018:3558-01, USN-3441-1, USN-3441-2, VIGILANCE-VUL-22327.

Description of the vulnerability

A local attacker can read a memory fragment via --write-out of curl, in order to obtain sensitive information.

computer vulnerability CVE-2017-3157

LibreOffice: information disclosure via object previews of linked objects

Synthesis of the vulnerability

An attacker can make a user open a LibreOffice document including links to external files, in order to get sensitive information.
Impacted products: OpenOffice, Debian, LibreOffice, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 23/02/2017.
Identifiers: CVE-2017-3157, DLA-910-1, DSA-3792-1, DSA-3837-1, RHSA-2017:0914-01, RHSA-2017:0979-01, USN-3210-1, VIGILANCE-VUL-21945.

Description of the vulnerability

The LibreOffice programs Writer and Calc can include previews of linked or embedded objects.

A linked object may point to an external file which is not to be included in the document. However, the preview creation process actually includes part of the linked file in the document.

An attacker can therefore make a user open a LibreOffice document including links to external files, in order to get sensitive information.