The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OpenOffice

vulnerability note CVE-2017-8816 CVE-2017-8817 CVE-2017-8818

curl: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of curl.
Impacted products: OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Shibboleth SP, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/11/2017.
Identifiers: bulletinapr2018, bulletinoct2018, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, DLA-1195-1, DSA-4051-1, FEDORA-2017-0c062324cd, FEDORA-2017-45bdf4dace, HT208465, HT208692, JSA10874, openSUSE-SU-2018:0161-1, RHSA-2018:3558-01, USN-3498-1, USN-3498-2, VIGILANCE-VUL-24564.

Description of the vulnerability

An attacker can use several vulnerabilities of curl.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-12607 CVE-2017-12608 CVE-2017-9806

Apache OpenOffice: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache OpenOffice.
Impacted products: OpenOffice, Debian, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/10/2017.
Revision date: 27/10/2017.
Identifiers: CERTFR-2017-AVI-380, CVE-2017-12607, CVE-2017-12608, CVE-2017-9806, DLA-1214-1, DSA-4022-1, TALOS-2017-0295, TALOS-2017-0300, TALOS-2017-0301, USN-3472-1, VIGILANCE-VUL-24188.

Description of the vulnerability

An attacker can use several vulnerabilities of Apache OpenOffice.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-1000257

curl: out-of-bounds memory reading via IMAP FETCH Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via IMAP FETCH Response of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: OpenOffice, curl, Debian, Fedora, QRadar SIEM, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 23/10/2017.
Identifiers: 2011740, bulletinapr2018, CVE-2017-1000257, DLA-1143-1, DSA-4007-1, FEDORA-2017-ebf32659bf, JSA10874, K-511316, openSUSE-SU-2017:2880-1, RHSA-2017:3263-01, RHSA-2018:3558-01, SSA:2017-297-01, USN-3457-1, VIGILANCE-VUL-24199.

Description of the vulnerability

An attacker can force a read at an invalid address via IMAP FETCH Response of curl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-1000254

curl: out-of-bounds memory reading via FTP PWD

Synthesis of the vulnerability

An attacker can force a read at an invalid address via FTP PWD of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 04/10/2017.
Identifiers: 2011879, bulletinapr2018, CVE-2017-1000254, DLA-1121-1, DSA-3992-1, FEDORA-2017-601b4c20a4, HT208331, HT208394, JSA10874, K-511316, openSUSE-SU-2017:2880-1, RHSA-2018:3558-01, SSA:2017-279-01, USN-3441-1, USN-3441-2, VIGILANCE-VUL-24018.

Description of the vulnerability

An attacker can force a read at an invalid address via FTP PWD of curl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101

curl: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of curl.
Impacted products: OpenOffice, Mac OS X, curl, Debian, Fedora, Android OS, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu, WindRiver Linux, VxWorks.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/08/2017.
Identifiers: 2011879, bulletinapr2018, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, DLA-1062-1, DSA-3992-1, FEDORA-2017-f1ffd18079, FEDORA-2017-f2df9d7772, HT208221, JSA10874, K-511316, openSUSE-SU-2017:2205-1, RHSA-2018:3558-01, SSA:2017-221-01, USN-3441-1, USN-3441-2, VIGILANCE-VUL-23481.

Description of the vulnerability

Several vulnerabilities were announced in curl.

An attacker can force a read at an invalid address via Globbing, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-1000101]

An attacker can generate a buffer overflow via TFTP, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-1000100]

An attacker can force a read at an invalid address via FILE, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-1000099]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-9502

curl on MS-Windows: buffer overflow via an URL of scheme file

Synthesis of the vulnerability

An attacker can generate a buffer overflow via an URL of scheme file in curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenOffice, curl, Juniper EX-Series, Junos OS, SRX-Series.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 14/06/2017.
Identifiers: CVE-2017-9502, JSA10874, VIGILANCE-VUL-22977.

Description of the vulnerability

An attacker can generate a buffer overflow via an URL of scheme file in curl, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-7468

libcurl: TLS session resume even if the certificate changed

Synthesis of the vulnerability

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity.
Impacted products: OpenOffice, Mac OS X, curl, pfSense, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user account.
Creation date: 19/04/2017.
Identifiers: APPLE-SA-2017-07-19-2, CVE-2017-7468, HT207922, USN-3262-1, VIGILANCE-VUL-22500.

Description of the vulnerability

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-7407

curl: information disclosure via --write-out

Synthesis of the vulnerability

A local attacker can read a memory fragment via --write-out of curl, in order to obtain sensitive information.
Impacted products: OpenOffice, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: physical access.
Creation date: 04/04/2017.
Identifiers: bulletinjul2018, cpuoct2018, CVE-2017-7407, DLA-883-1, FEDORA-2017-b38b98727e, JSA10874, openSUSE-SU-2017:1105-1, RHSA-2018:3558-01, USN-3441-1, USN-3441-2, VIGILANCE-VUL-22327.

Description of the vulnerability

A local attacker can read a memory fragment via --write-out of curl, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-3157

LibreOffice: information disclosure via object previews of linked objects

Synthesis of the vulnerability

An attacker can make a user open a LibreOffice document including links to external files, in order to get sensitive information.
Impacted products: OpenOffice, Debian, LibreOffice, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 23/02/2017.
Identifiers: CVE-2017-3157, DLA-910-1, DSA-3792-1, DSA-3837-1, RHSA-2017:0914-01, RHSA-2017:0979-01, USN-3210-1, VIGILANCE-VUL-21945.

Description of the vulnerability

The programs Writer and Calc from LibreOffice can include previews of the linked or embedded objects.

A linked object may point to an external file which is not to be included in the document. However, the preview creation process will actually include a part of the linked file into the document.

An attacker can therefore make a user open a LibreOffice document including links to external files, in order to get sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-2629

curl: Man-in-the-Middle with SSL_VERIFYSTATUS

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on curl with CURLOPT_SSL_VERIFYSTATUS, in order to read or write data in the session.
Impacted products: OpenOffice, Mac OS X, curl, pfSense.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 22/02/2017.
Identifiers: APPLE-SA-2017-07-19-2, CVE-2017-2629, HT207922, VIGILANCE-VUL-21925.

Description of the vulnerability

The curl product uses the TLS protocol, in order to create secure sessions.

However, the X.509 certificate and the service identity are not correctly checked during the usage of CURLOPT_SSL_VERIFYSTATUS (OCSP Stapling, TLS Certificate Status Request).

An attacker can therefore act as a Man-in-the-Middle on curl with CURLOPT_SSL_VERIFYSTATUS, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about OpenOffice: