Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title OpenOffice, LibreOffice: Multiple vulnerabilities
Informations
Name GLSA-201408-19 First vendor Publication 2014-08-31
Vendor Gentoo Last vendor Modification 2014-08-31
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code.

Background

OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice.

Description

Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All OpenOffice (binary) users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-office/openoffice-bin-3.5.5.3"

All LibreOffice users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"

All LibreOffice (binary) users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.2.5.2"

We recommend that users unmerge OpenOffice:
# emerge --unmerge "app-office/openoffice"

References

[ 1 ] CVE-2006-4339 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339
[ 2 ] CVE-2009-0200 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200
[ 3 ] CVE-2009-0201 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201
[ 4 ] CVE-2009-0217 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217
[ 5 ] CVE-2009-2949 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949
[ 6 ] CVE-2009-2950 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950
[ 7 ] CVE-2009-3301 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301
[ 8 ] CVE-2009-3302 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302
[ 9 ] CVE-2010-0395 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395
[ 10 ] CVE-2010-2935 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935
[ 11 ] CVE-2010-2936 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936
[ 12 ] CVE-2010-3450 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450
[ 13 ] CVE-2010-3451 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451
[ 14 ] CVE-2010-3452 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452
[ 15 ] CVE-2010-3453 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453
[ 16 ] CVE-2010-3454 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454
[ 17 ] CVE-2010-3689 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689
[ 18 ] CVE-2010-4253 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253
[ 19 ] CVE-2010-4643 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643
[ 20 ] CVE-2011-2713 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713
[ 21 ] CVE-2012-0037 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037
[ 22 ] CVE-2012-1149 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149
[ 23 ] CVE-2012-2149 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149
[ 24 ] CVE-2012-2334 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334
[ 25 ] CVE-2012-2665 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665
[ 26 ] CVE-2014-0247 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201408-19.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201408-19.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-96 Block Access to Libraries

CWE : Common Weakness Enumeration

% Id Name
26 % CWE-189 Numeric Errors (CWE/SANS Top 25)
22 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
9 % CWE-416 Use After Free
9 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
4 % CWE-611 Information Leak Through XML External Entity File Disclosure
4 % CWE-310 Cryptographic Issues
4 % CWE-193 Off-by-one Error
4 % CWE-191 Integer Underflow (Wrap or Wraparound)
4 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
4 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10022
 
Oval ID: oval:org.mitre.oval:def:10022
Title: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Description: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3302
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10176
 
Oval ID: oval:org.mitre.oval:def:10176
Title: Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
Description: Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2949
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10186
 
Oval ID: oval:org.mitre.oval:def:10186
Title: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Description: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0217
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10423
 
Oval ID: oval:org.mitre.oval:def:10423
Title: Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
Description: Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3301
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10726
 
Oval ID: oval:org.mitre.oval:def:10726
Title: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Description: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0201
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10881
 
Oval ID: oval:org.mitre.oval:def:10881
Title: Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
Description: Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0200
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11050
 
Oval ID: oval:org.mitre.oval:def:11050
Title: Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
Description: Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2950
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11091
 
Oval ID: oval:org.mitre.oval:def:11091
Title: OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
Description: OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0395
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11656
 
Oval ID: oval:org.mitre.oval:def:11656
Title: OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Description: OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4339
 Version: 3
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11797
 
Oval ID: oval:org.mitre.oval:def:11797
Title: DSA-2055 openoffice.org -- macro execution
Description: It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft® Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component.
Family: unix Class: patch
Reference(s): DSA-2055
CVE-2010-0395
 Version: 7
Platform(s): Debian GNU/Linux 5.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12063
 
Oval ID: oval:org.mitre.oval:def:12063
Title: Integer truncation error in OpenOffice.org version 3.2.1
Description: simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2935
 Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
 Product(s): OpenOffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12144
 
Oval ID: oval:org.mitre.oval:def:12144
Title: Heap-based buffer overflow in OpenOffice.org version 3.2.1
Description: Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2936
 Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows Server 2008
 Product(s): OpenOffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12661
 
Oval ID: oval:org.mitre.oval:def:12661
Title: DSA-1995-1 openoffice.org -- several
Description: Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. CVE-2009-3301/CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code. For the old stable distribution, these problems have been fixed in version 2.0.4.dfsg.2-7etch9. For the stable distribution, these problems have been fixed in version 1:2.4.1+dfsg-1+lenny6. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your openoffice.org packages.
Family: unix Class: patch
Reference(s): DSA-1995-1
CVE-2010-0136
CVE-2009-0217
CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12741
 
Oval ID: oval:org.mitre.oval:def:12741
Title: DSA-2099-1 openoffice.org -- buffer overflows
Description: Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2099-1
CVE-2010-2935
CVE-2010-2936
 Version: 7
Platform(s): Debian GNU/Linux 5.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12858
 
Oval ID: oval:org.mitre.oval:def:12858
Title: DSA-2151-1 openoffice.org -- several
Description: Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code. CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially-crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to local user or, potentially, execute arbitrary code. CVE-2010-3451 During his work as a consultant at Virtual Security Research, Dan Rosenberg discovered a vulnerability in OpenOffice.org's RTF parsing functionality. Opening a maliciously crafted RTF document can caus an out-of-bounds memory read into previously allocated heap memory, which may lead to the execution of arbitrary code. CVE-2010-3452 Dan Rosenberg discovered a vulnerability in the RTF file parser which can be leveraged by attackers to achieve arbitrary code execution by convincing a victim to open a maliciously crafted RTF file. CVE-2010-3453 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8ListManager::WW8ListManager function of OpenOffice.org that allows a maliciously crafted file to cause the execution of arbitrary code. CVE-2010-3454 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8DopTypography::ReadFromMem function in OpenOffice.org that may be exploited by a maliciously crafted file which allowins an attacker to control program flow and potentially execute arbitrary code. CVE-2010-3689 Dmitri Gribenko discovered that the soffice script does not treat an empty LD_LIBRARY_PATH variable like an unset one, may lead to the execution of arbitrary code. CVE-2010-4253 A heap based buffer overflow has been discovered with unknown impact. CVE-2010-4643 A vulnerability has been discovered in the way OpenOffice.org handles TGA graphics which can be tricked by a specially crafted TGA file that could cause the program to crash due to a heap-based buffer overflow with unknown impact.
Family: unix Class: patch
Reference(s): DSA-2151-1
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
 Version: 7
Platform(s): Debian GNU/Linux 5.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13045
 
Oval ID: oval:org.mitre.oval:def:13045
Title: DSA-2055-1 openoffice.org -- macro execution
Description: It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component. For the stable distribution, this problem has been fixed in version 1:2.4.1+dfsg-1+lenny7. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1:3.2.1-1. We recommend that you upgrade your openoffice.org packages.
Family: unix Class: patch
Reference(s): DSA-2055-1
CVE-2010-0395
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13530
 
Oval ID: oval:org.mitre.oval:def:13530
Title: USN-949-1 -- openoffice.org vulnerability
Description: Marc Schoenefeld discovered that OpenOffice.org would run document macros from the macro browser, even when macros were disabled. If a user were tricked into opening a specially crafted document and examining a macro, a remote attacker could execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-949-1
CVE-2010-0395
 Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13739
 
Oval ID: oval:org.mitre.oval:def:13739
Title: USN-1056-1 -- openoffice.org vulnerabilities
Description: Charlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker overwrite arbitrary files, possibly leading to arbitrary code execution with user privileges. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. If a user or automated system were tricked into opening a specially crafted RTF or DOC document, a remote attacker could execute arbitrary code with user privileges. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. If a local attacker tricked a user or automated system into using OpenOffice.org from an attacker-controlled directory, they could execute arbitrary code with user privileges. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice.org did not correctly process TGA images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges
Family: unix Class: patch
Reference(s): USN-1056-1
CVE-2010-2935
CVE-2010-2936
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
 Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13798
 
Oval ID: oval:org.mitre.oval:def:13798
Title: DSA-1849-1 xml-security-c -- design flaw
Description: It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. For the old stable distribution, this problem has been fixed in version 1.2.1-3+etch1. For the stable distribution, this problem has been fixed in version 1.4.0-3+lenny2. For the unstable distribution, this problem has been fixed in version 1.4.0-4. We recommend that you upgrade your xml-security-c packages.
Family: unix Class: patch
Reference(s): DSA-1849-1
CVE-2009-0217
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): xml-security-c
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14956
 
Oval ID: oval:org.mitre.oval:def:14956
Title: DSA-2315-1 openoffice.org -- multiple vulnerabilities
Description: Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office.
Family: unix Class: patch
Reference(s): DSA-2315-1
CVE-2011-2713
 Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15215
 
Oval ID: oval:org.mitre.oval:def:15215
Title: DSA-2438-1 raptor -- programming error
Description: It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.
Family: unix Class: patch
Reference(s): DSA-2438-1
CVE-2012-0037
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16854
 
Oval ID: oval:org.mitre.oval:def:16854
Title: USN-1480-1 -- Raptor vulnerability
Description: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
Family: unix Class: patch
Reference(s): usn-1480-1
CVE-2012-0037
 Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
 Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17416
 
Oval ID: oval:org.mitre.oval:def:17416
Title: USN-1495-1 -- libreoffice, libreoffice-l10n vulnerabilities
Description: LibreOffice could be made to crash or potentially run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1495-1
CVE-2012-1149
CVE-2012-2334
 Version: 5
Platform(s): Ubuntu 11.10
Ubuntu 11.04
 Product(s): libreoffice
libreoffice-l10n
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17917
 
Oval ID: oval:org.mitre.oval:def:17917
Title: USN-1496-1 -- openoffice.org vulnerabilities
Description: OpenOffice.org could be made to crash or potentially run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1496-1
CVE-2011-2685
CVE-2011-2713
CVE-2012-1149
CVE-2012-2334
 Version: 5
Platform(s): Ubuntu 10.04
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17974
 
Oval ID: oval:org.mitre.oval:def:17974
Title: USN-1536-1 -- libreoffice vulnerability
Description: LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1536-1
CVE-2012-2665
 Version: 5
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
 Product(s): libreoffice
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18059
 
Oval ID: oval:org.mitre.oval:def:18059
Title: USN-1537-1 -- openoffice.org vulnerability
Description: OpenOffice.org could be made to crash or run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1537-1
CVE-2012-2665
 Version: 5
Platform(s): Ubuntu 10.04
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18355
 
Oval ID: oval:org.mitre.oval:def:18355
Title: DSA-2473-1 openoffice.org - buffer overflow
Description: Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2473-1
CVE-2012-1149
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18515
 
Oval ID: oval:org.mitre.oval:def:18515
Title: DSA-2487-1 openoffice.org - buffer overflow
Description: It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2487-1
CVE-2012-1149
CVE-2012-2334
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19447
 
Oval ID: oval:org.mitre.oval:def:19447
Title: DSA-2520-1 openoffice.org - Multiple heap-based buffer overflows
Description: Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause application crash and could cause arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2520-1
CVE-2012-2665
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21265
 
Oval ID: oval:org.mitre.oval:def:21265
Title: USN-1901-1 -- raptor2 vulnerability
Description: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1901-1
CVE-2012-0037
 Version: 5
Platform(s): Ubuntu 12.04
 Product(s): raptor2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21322
 
Oval ID: oval:org.mitre.oval:def:21322
Title: RHSA-2012:0705: openoffice.org security update (Important)
Description: Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): RHSA-2012:0705-01
CESA-2012:0705
CVE-2012-1149
CVE-2012-2334
 Version: 29
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21328
 
Oval ID: oval:org.mitre.oval:def:21328
Title: RHSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0410-01
CESA-2012:0410
CVE-2012-0037
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21348
 
Oval ID: oval:org.mitre.oval:def:21348
Title: RHSA-2012:1136: openoffice.org security update (Important)
Description: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Family: unix Class: patch
Reference(s): RHSA-2012:1136-00
CESA-2012:1136
CVE-2012-2665
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21381
 
Oval ID: oval:org.mitre.oval:def:21381
Title: RHSA-2011:0182: openoffice.org security update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): RHSA-2011:0182-01
CESA-2011:0182
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
 Version: 107
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21474
 
Oval ID: oval:org.mitre.oval:def:21474
Title: RHSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0411-01
CESA-2012:0411
CVE-2012-0037
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21514
 
Oval ID: oval:org.mitre.oval:def:21514
Title: RHSA-2012:1135: libreoffice security update (Important)
Description: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Family: unix Class: patch
Reference(s): RHSA-2012:1135-01
CESA-2012:1135
CVE-2012-2665
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): libreoffice
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21601
 
Oval ID: oval:org.mitre.oval:def:21601
Title: RHSA-2012:1043: libwpd security update (Important)
Description: The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
Family: unix Class: patch
Reference(s): RHSA-2012:1043-00
CESA-2012:1043
CVE-2012-2149
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): libwpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21625
 
Oval ID: oval:org.mitre.oval:def:21625
Title: RHSA-2011:0183: openoffice.org security and bug fix update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): RHSA-2011:0183-01
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
 Version: 107
Platform(s): Red Hat Enterprise Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21919
 
Oval ID: oval:org.mitre.oval:def:21919
Title: RHSA-2010:0101: openoffice.org security update (Important)
Description: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Family: unix Class: patch
Reference(s): RHSA-2010:0101-02
CESA-2010:0101
CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302
 Version: 55
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21935
 
Oval ID: oval:org.mitre.oval:def:21935
Title: RHSA-2010:0459: openoffice.org security update (Moderate)
Description: OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
Family: unix Class: patch
Reference(s): RHSA-2010:0459-01
CESA-2010:0459
CVE-2010-0395
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22001
 
Oval ID: oval:org.mitre.oval:def:22001
Title: ELSA-2009:1426: openoffice.org security update (Important)
Description: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Family: unix Class: patch
Reference(s): ELSA-2009:1426-01
CVE-2009-0200
CVE-2009-0201
 Version: 13
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22756
 
Oval ID: oval:org.mitre.oval:def:22756
Title: ELSA-2010:0459: openoffice.org security update (Moderate)
Description: OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
Family: unix Class: patch
Reference(s): ELSA-2010:0459-01
CVE-2010-0395
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22848
 
Oval ID: oval:org.mitre.oval:def:22848
Title: ELSA-2010:0101: openoffice.org security update (Important)
Description: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Family: unix Class: patch
Reference(s): ELSA-2010:0101-02
CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302
 Version: 21
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22901
 
Oval ID: oval:org.mitre.oval:def:22901
Title: DEPRECATED: ELSA-2012:0705: openoffice.org security update (Important)
Description: Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): ELSA-2012:0705-01
CVE-2012-1149
CVE-2012-2334
 Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22980
 
Oval ID: oval:org.mitre.oval:def:22980
Title: ELSA-2009:1428: xmlsec1 security update (Moderate)
Description: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family: unix Class: patch
Reference(s): ELSA-2009:1428-01
CVE-2009-0217
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): xmlsec1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23069
 
Oval ID: oval:org.mitre.oval:def:23069
Title: ELSA-2011:0182: openoffice.org security update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): ELSA-2011:0182-01
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
 Version: 37
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23100
 
Oval ID: oval:org.mitre.oval:def:23100
Title: ELSA-2012:1043: libwpd security update (Important)
Description: The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
Family: unix Class: patch
Reference(s): ELSA-2012:1043-00
CVE-2012-2149
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): libwpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23158
 
Oval ID: oval:org.mitre.oval:def:23158
Title: ELSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0411-01
CVE-2012-0037
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23289
 
Oval ID: oval:org.mitre.oval:def:23289
Title: ELSA-2012:1136: openoffice.org security update (Important)
Description: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Family: unix Class: patch
Reference(s): ELSA-2012:1136-00
CVE-2012-2665
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23509
 
Oval ID: oval:org.mitre.oval:def:23509
Title: ELSA-2011:0183: openoffice.org security and bug fix update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): ELSA-2011:0183-01
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
 Version: 37
Platform(s): Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23553
 
Oval ID: oval:org.mitre.oval:def:23553
Title: ELSA-2012:0705: openoffice.org security update (Important)
Description: Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): ELSA-2012:0705-01
CVE-2012-1149
CVE-2012-2334
 Version: 13
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23713
 
Oval ID: oval:org.mitre.oval:def:23713
Title: ELSA-2012:1135: libreoffice security update (Important)
Description: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Family: unix Class: patch
Reference(s): ELSA-2012:1135-01
CVE-2012-2665
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): libreoffice
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23828
 
Oval ID: oval:org.mitre.oval:def:23828
Title: ELSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0410-01
CVE-2012-0037
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25102
 
Oval ID: oval:org.mitre.oval:def:25102
Title: USN-2253-1 -- libreoffice vulnerability
Description: LibreOffice would unconditionally execute certain VBA macros.
Family: unix Class: patch
Reference(s): USN-2253-1
CVE-2014-0247
 Version: 3
Platform(s): Ubuntu 14.04
 Product(s): libreoffice
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27650
 
Oval ID: oval:org.mitre.oval:def:27650
Title: DEPRECATED: ELSA-2012-1135 -- libreoffice security update (important)
Description: [3.4.5.2-16.1.0.1.el6_3 ] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [3.4.5.2-16.1] - Resolves: rhbz#839867 CVE-2012-2665
Family: unix Class: patch
Reference(s): ELSA-2012-1135
CVE-2012-2665
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): libreoffice
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27750
 
Oval ID: oval:org.mitre.oval:def:27750
Title: DEPRECATED: ELSA-2012-0705 -- openoffice.org security update (important)
Description: [1:3.2.1-19.6.0.1.el6_2.7] - Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp., and the filename redhat.soc with oracle.soc in specfile [1:3.2.1-19.6.7] - Resolves: CVE-2012-2334 Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents [1:3.2.1-19.6.6] - Resolves: CVE-2012-1149 Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
Family: unix Class: patch
Reference(s): ELSA-2012-0705
CVE-2012-1149
CVE-2012-2334
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27837
 
Oval ID: oval:org.mitre.oval:def:27837
Title: DEPRECATED: ELSA-2012-0410 -- raptor security update (important)
Description: [1.4.18-5.1] - Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037) Resolves: rhbz#804496
Family: unix Class: patch
Reference(s): ELSA-2012-0410
CVE-2012-0037
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28209
 
Oval ID: oval:org.mitre.oval:def:28209
Title: DEPRECATED: ELSA-2011-0183 -- openoffice.org security and bug fix update (important)
Description: [3.2.1-19.3.0.1.el6_0.5] - Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp., and the filename redhat.soc with oracle.soc in specfile bug#10911 [1:3.2.1-19.6.5] - Related: rhbz#671087 set right file permissions [1:3.2.1-19.6.4] - Resolves: rhbz#671087 file locks are not created with gvfs-sftp volumes with OpenOffice.org [1:3.2.1-19.6.3] - Resolves: rhbz#642200 openoffice.org various flaws - CVE-2010-4643 heap based buffer overflow when parsing TGA files [1:3.2.1-19.6.2] - Resolves: rhbz#642200 openoffice.org various flaws - CVE-2010-4253 heap based buffer overflow in PPT import [1:3.2.1-19.6.1] - Resolves: rhbz#642200 openoffice.org various flaws - CVE-2010-3450 directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files - CVE-2010-3451 Array index error by insecure parsing of broken rtf tables - CVE-2010-3452 Integer signedness error (crash) by processing certain RTF tags - CVE-2010-3453 Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels - CVE-2010-3454 Array index error by scanning document typography information of certain *.doc files - CVE-2010-3689 soffice insecure LD_LIBRARY_PATH setting
Family: unix Class: patch
Reference(s): ELSA-2011-0183
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29111
 
Oval ID: oval:org.mitre.oval:def:29111
Title: RHSA-2009:1426 -- openoffice.org security update (Important)
Description: Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2009:1426
CESA-2009:1426-CentOS 3
CVE-2009-0200
CVE-2009-0201
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29320
 
Oval ID: oval:org.mitre.oval:def:29320
Title: RHSA-2009:1428 -- xmlsec1 security update (Moderate)
Description: Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104).
Family: unix Class: patch
Reference(s): RHSA-2009:1428
CESA-2009:1428-CentOS 5
CVE-2009-0217
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
 Product(s): xmlsec1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6910
 
Oval ID: oval:org.mitre.oval:def:6910
Title: DSA-1995 openoffice.org -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that macro security settings were insufficiently enforced for VBA macros. It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1995
CVE-2010-0136
CVE-2009-0217
CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7158
 
Oval ID: oval:org.mitre.oval:def:7158
Title: XML Signature HMAC Truncation Authentication Bypass Vulnerability
Description: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0217
 Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s): Microsoft .NET Framework
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7932
 
Oval ID: oval:org.mitre.oval:def:7932
Title: DSA-1849 xml-security-c -- design flaw
Description: It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
Family: unix Class: patch
Reference(s): DSA-1849
CVE-2009-0217
 Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): xml-security-c
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8717
 
Oval ID: oval:org.mitre.oval:def:8717
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0217
 Version: 11
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Application 7
Application 70
Application 1
Application 67
Application 1
Application 8
Application 60
Application 213
Application 3
Application 6
Application 6
Application 1
Application 1
Application 1
Application 1
Application 1
Os 12
Os 4
Os 7
Os 4
Os 2
Os 3
Os 1
Os 1
Os 1
Os 3
Os 1
Os 1
Os 1
Os 3
Os 2

OpenVAS Exploits

Date Description
2012-12-24 Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Mac OS X)
File : nvt/gb_libreoffice_graphic_object_bof_vuln_macosx.nasl
2012-12-24 Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows)
File : nvt/gb_libreoffice_graphic_object_bof_vuln_win.nasl
2012-12-24 Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Mac OS X)
File : nvt/gb_libreoffice_xml_manifest_bof_vuln_macosx.nasl
2012-12-24 Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows)
File : nvt/gb_libreoffice_xml_manifest_bof_vuln_win.nasl
2012-12-24 Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows)
File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice)
File : nvt/glsa_201209_05.nasl
2012-08-30 Name : Debian Security Advisory DSA 2487-1 (openoffice.org)
File : nvt/deb_2487_1.nasl
2012-08-30 Name : Fedora Update for raptor FEDORA-2012-10591
File : nvt/gb_fedora_2012_10591_raptor_fc17.nasl
2012-08-30 Name : Fedora Update for raptor2 FEDORA-2012-4629
File : nvt/gb_fedora_2012_4629_raptor2_fc17.nasl
2012-08-14 Name : Fedora Update for libreoffice FEDORA-2012-11402
File : nvt/gb_fedora_2012_11402_libreoffice_fc16.nasl
2012-08-14 Name : Ubuntu Update for libreoffice USN-1536-1
File : nvt/gb_ubuntu_USN_1536_1.nasl
2012-08-14 Name : Ubuntu Update for openoffice.org USN-1537-1
File : nvt/gb_ubuntu_USN_1537_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2520-1 (openoffice.org)
File : nvt/deb_2520_1.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-13 (mono mono-debugger)
File : nvt/glsa_201206_13.nasl
2012-08-03 Name : CentOS Update for autocorr-af CESA-2012:1135 centos6
File : nvt/gb_CESA-2012_1135_autocorr-af_centos6.nasl
2012-08-03 Name : CentOS Update for openoffice.org-base CESA-2012:1136 centos5
File : nvt/gb_CESA-2012_1136_openoffice.org-base_centos5.nasl
2012-08-03 Name : RedHat Update for libreoffice RHSA-2012:1135-01
File : nvt/gb_RHSA-2012_1135-01_libreoffice.nasl
2012-08-03 Name : Fedora Update for raptor FEDORA-2012-10590
File : nvt/gb_fedora_2012_10590_raptor_fc16.nasl
2012-08-03 Name : Mandriva Update for raptor MDVSA-2012:061 (raptor)
File : nvt/gb_mandriva_MDVSA_2012_061.nasl
2012-08-03 Name : Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)
File : nvt/gb_mandriva_MDVSA_2012_063.nasl
2012-08-03 Name : Mandriva Update for libreoffice MDVSA-2012:091 (libreoffice)
File : nvt/gb_mandriva_MDVSA_2012_091.nasl
2012-07-30 Name : CentOS Update for openoffice.org CESA-2011:0181 centos4 x86_64
File : nvt/gb_CESA-2011_0181_openoffice.org_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for openoffice.org-base CESA-2011:0182 centos5 x86_64
File : nvt/gb_CESA-2011_0182_openoffice.org-base_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for raptor CESA-2012:0410 centos6
File : nvt/gb_CESA-2012_0410_raptor_centos6.nasl
2012-07-30 Name : CentOS Update for openoffice.org-base CESA-2012:0411 centos5
File : nvt/gb_CESA-2012_0411_openoffice.org-base_centos5.nasl
2012-07-30 Name : CentOS Update for autocorr-af CESA-2012:0705 centos6
File : nvt/gb_CESA-2012_0705_autocorr-af_centos6.nasl
2012-07-30 Name : CentOS Update for openoffice.org-base CESA-2012:0705 centos5
File : nvt/gb_CESA-2012_0705_openoffice.org-base_centos5.nasl
2012-07-30 Name : CentOS Update for libwpd CESA-2012:1043 centos5
File : nvt/gb_CESA-2012_1043_libwpd_centos5.nasl
2012-07-09 Name : RedHat Update for openoffice.org RHSA-2011:0183-01
File : nvt/gb_RHSA-2011_0183-01_openoffice.org.nasl
2012-07-09 Name : RedHat Update for raptor RHSA-2012:0410-01
File : nvt/gb_RHSA-2012_0410-01_raptor.nasl
2012-07-03 Name : Ubuntu Update for libreoffice USN-1495-1
File : nvt/gb_ubuntu_USN_1495_1.nasl
2012-07-03 Name : Ubuntu Update for openoffice.org USN-1496-1
File : nvt/gb_ubuntu_USN_1496_1.nasl
2012-06-19 Name : Ubuntu Update for raptor USN-1480-1
File : nvt/gb_ubuntu_USN_1480_1.nasl
2012-06-15 Name : Fedora Update for libreoffice FEDORA-2012-8114
File : nvt/gb_fedora_2012_8114_libreoffice_fc15.nasl
2012-06-08 Name : RedHat Update for openoffice.org RHSA-2012:0705-01
File : nvt/gb_RHSA-2012_0705-01_openoffice.org.nasl
2012-05-31 Name : Debian Security Advisory DSA 2473-1 (openoffice.org)
File : nvt/deb_2473_1.nasl
2012-05-28 Name : Fedora Update for libreoffice FEDORA-2012-8042
File : nvt/gb_fedora_2012_8042_libreoffice_fc16.nasl
2012-04-30 Name : Debian Security Advisory DSA 2438-1 (raptor)
File : nvt/deb_2438_1.nasl
2012-04-30 Name : FreeBSD Ports: raptor2
File : nvt/freebsd_raptor2.nasl
2012-04-13 Name : Fedora Update for raptor2 FEDORA-2012-4663
File : nvt/gb_fedora_2012_4663_raptor2_fc16.nasl
2012-01-10 Name : LibreOffice 'DOC' File Denial of Service Vulnerability (Windows)
File : nvt/gb_libre_office_doc_file_dos_vuln_win.nasl
2011-10-21 Name : Fedora Update for libreoffice FEDORA-2011-14036
File : nvt/gb_fedora_2011_14036_libreoffice_fc15.nasl
2011-10-21 Name : Fedora Update for openoffice.org FEDORA-2011-14049
File : nvt/gb_fedora_2011_14049_openoffice.org_fc14.nasl
2011-10-16 Name : Debian Security Advisory DSA 2315-1 (openoffice.org)
File : nvt/deb_2315_1.nasl
2011-08-09 Name : CentOS Update for java CESA-2009:1201 centos5 i386
File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org CESA-2009:1426 centos3 i386
File : nvt/gb_CESA-2009_1426_openoffice.org_centos3_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org CESA-2009:1426 centos4 i386
File : nvt/gb_CESA-2009_1426_openoffice.org_centos4_i386.nasl
2011-08-09 Name : CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386
File : nvt/gb_CESA-2009_1428_xmlsec1_centos4_i386.nasl
2011-08-09 Name : CentOS Update for xmlsec1 CESA-2009:1428 centos5 i386
File : nvt/gb_CESA-2009_1428_xmlsec1_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org-base CESA-2010:0101 centos5 i386
File : nvt/gb_CESA-2010_0101_openoffice.org-base_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org-base CESA-2010:0459 centos5 i386
File : nvt/gb_CESA-2010_0459_openoffice.org-base_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org-base CESA-2011:0182 centos5 i386
File : nvt/gb_CESA-2011_0182_openoffice.org-base_centos5_i386.nasl
2011-03-07 Name : Debian Security Advisory DSA 2151-1 (openoffice.org)
File : nvt/deb_2151_1.nasl
2011-03-05 Name : FreeBSD Ports: openoffice.org
File : nvt/freebsd_openoffice.org0.nasl
2011-02-18 Name : Fedora Update for openoffice.org FEDORA-2011-0837
File : nvt/gb_fedora_2011_0837_openoffice.org_fc13.nasl
2011-02-16 Name : Mandriva Update for openoffice.org MDVSA-2011:027 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2011_027.nasl
2011-02-11 Name : CentOS Update for openoffice.org CESA-2011:0181 centos4 i386
File : nvt/gb_CESA-2011_0181_openoffice.org_centos4_i386.nasl
2011-02-05 Name : OpenOffice.org 'soffice' Directory Traversal Vulnerability (Win)
File : nvt/secpod_openoffice_soffice_dir_traversal_vuln_win.nasl
2011-02-04 Name : Ubuntu Update for openoffice.org vulnerabilities USN-1056-1
File : nvt/gb_ubuntu_USN_1056_1.nasl
2011-01-31 Name : RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01
File : nvt/gb_RHSA-2011_0181-01_openoffice.org_and_openoffice.org2.nasl
2010-11-16 Name : Mandriva Update for openoffice.org MDVSA-2010:221 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_221.nasl
2010-10-10 Name : Debian Security Advisory DSA 2099-1 (openoffice.org)
File : nvt/deb_2099_1.nasl
2010-08-30 Name : CentOS Update for openoffice.org CESA-2010:0643 centos3 i386
File : nvt/gb_CESA-2010_0643_openoffice.org_centos3_i386.nasl
2010-08-30 Name : CentOS Update for openoffice.org CESA-2010:0643 centos4 i386
File : nvt/gb_CESA-2010_0643_openoffice.org_centos4_i386.nasl
2010-08-30 Name : RedHat Update for openoffice.org RHSA-2010:0643-01
File : nvt/gb_RHSA-2010_0643-01_openoffice.org.nasl
2010-08-30 Name : OpenOffice.org Buffer Overflow and Directory Traversal Vulnerabilities (Win)
File : nvt/secpod_openoffice_mult_vuln_win.nasl
2010-06-11 Name : RedHat Update for openoffice.org RHSA-2010:0459-01
File : nvt/gb_RHSA-2010_0459-01_openoffice.org.nasl
2010-06-11 Name : Fedora Update for openoffice.org FEDORA-2010-9576
File : nvt/gb_fedora_2010_9576_openoffice.org_fc12.nasl
2010-06-11 Name : Fedora Update for openoffice.org FEDORA-2010-9628
File : nvt/gb_fedora_2010_9628_openoffice.org_fc11.nasl
2010-06-11 Name : Fedora Update for openoffice.org FEDORA-2010-9633
File : nvt/gb_fedora_2010_9633_openoffice.org_fc13.nasl
2010-06-11 Name : Ubuntu Update for openoffice.org vulnerability USN-949-1
File : nvt/gb_ubuntu_USN_949_1.nasl
2010-06-10 Name : Debian Security Advisory DSA 2055-1 (openoffice.org)
File : nvt/deb_2055_1.nasl
2010-06-09 Name : Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
File : nvt/secpod_ms10-041.nasl
2010-05-28 Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_105.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 5
File : nvt/macosx_java_for_10_5_upd_5.nasl
2010-05-07 Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_091.nasl
2010-03-22 Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2)
File : nvt/gb_mandriva_MDVA_2010_105.nasl
2010-03-22 Name : SuSE Update for OpenOffice_org SUSE-SA:2010:017
File : nvt/gb_suse_2010_017.nasl
2010-03-16 Name : FreeBSD Ports: openoffice.org
File : nvt/freebsd_openoffice.org.nasl
2010-03-12 Name : Mandriva Update for slib MDVA-2010:091 (slib)
File : nvt/gb_mandriva_MDVA_2010_091.nasl
2010-03-12 Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_056.nasl
2010-03-02 Name : Fedora Update for openoffice.org FEDORA-2010-1847
File : nvt/gb_fedora_2010_1847_openoffice.org_fc12.nasl
2010-03-02 Name : Fedora Update for openoffice.org FEDORA-2010-1941
File : nvt/gb_fedora_2010_1941_openoffice.org_fc11.nasl
2010-03-02 Name : Ubuntu Update for openoffice.org vulnerabilities USN-903-1
File : nvt/gb_ubuntu_USN_903_1.nasl
2010-02-19 Name : OpenOffice Multiple Remote Code Execution Vulnerabilities - Feb10
File : nvt/gb_openoffice_mult_code_exec_vuln_win_feb10.nasl
2010-02-15 Name : CentOS Update for openoffice.org CESA-2010:0101 centos3 i386
File : nvt/gb_CESA-2010_0101_openoffice.org_centos3_i386.nasl
2010-02-15 Name : RedHat Update for openoffice.org RHSA-2010:0101-02
File : nvt/gb_RHSA-2010_0101-02_openoffice.org.nasl
2010-02-15 Name : Mandriva Update for samba MDVA-2010:056 (samba)
File : nvt/gb_mandriva_MDVA_2010_056.nasl
2010-02-15 Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_035.nasl
2010-02-03 Name : Solaris Update for Kernel 122300-48
File : nvt/gb_solaris_122300_48.nasl
2010-02-03 Name : Solaris Update for Kernel 122301-48
File : nvt/gb_solaris_122301_48.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1694
File : nvt/RHSA_2009_1694.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1)
File : nvt/mdksa_2009_318.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:322 (mono)
File : nvt/mdksa_2009_322.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-11-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-10-19 Name : Mandrake Security Advisory MDVSA-2009:267 (xmlsec1)
File : nvt/mdksa_2009_267.nasl
2009-10-19 Name : Mandrake Security Advisory MDVSA-2009:268 (mono)
File : nvt/mdksa_2009_268.nasl
2009-10-19 Name : Mandrake Security Advisory MDVSA-2009:269 (mono)
File : nvt/mdksa_2009_269.nasl
2009-10-13 Name : Solaris Update for pkg utilities 113713-28
File : nvt/gb_solaris_113713_28.nasl
2009-10-13 Name : Solaris Update for /usr/bin/ssh 114356-19
File : nvt/gb_solaris_114356_19.nasl
2009-10-13 Name : Solaris Update for /usr/bin/ssh 114357-18
File : nvt/gb_solaris_114357_18.nasl
2009-10-13 Name : Solaris Update for Kernel 122300-44
File : nvt/gb_solaris_122300_44.nasl
2009-10-13 Name : Solaris Update for Kernel 122301-44
File : nvt/gb_solaris_122301_44.nasl
2009-10-10 Name : SLES9: Security update for bind
File : nvt/sles9p5015338.nasl
2009-10-10 Name : SLES9: Security update for openssl
File : nvt/sles9p5020640.nasl
2009-09-23 Name : Solaris Update for pkg utilities 114568-27
File : nvt/gb_solaris_114568_27.nasl
2009-09-23 Name : Solaris Update for Kernel 122301-42
File : nvt/gb_solaris_122301_42.nasl
2009-09-21 Name : SuSE Security Summary SUSE-SR:2009:015
File : nvt/suse_sr_2009_015.nasl
2009-09-15 Name : CentOS Security Advisory CESA-2009:1428 (xmlsec1)
File : nvt/ovcesa2009_1428.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1426
File : nvt/RHSA_2009_1426.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1428
File : nvt/RHSA_2009_1428.nasl
2009-09-09 Name : Fedora Core 10 FEDORA-2009-9256 (openoffice.org)
File : nvt/fcore_2009_9256.nasl
2009-09-09 Name : CentOS Security Advisory CESA-2009:1426 (openoffice.org)
File : nvt/ovcesa2009_1426.nasl
2009-09-08 Name : OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Linux)
File : nvt/gb_openoffice_word_bof_vuln_lin.nasl
2009-09-08 Name : OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Win)
File : nvt/gb_openoffice_word_bof_vuln_win.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_209.nasl
2009-09-02 Name : Ubuntu USN-826-1 (mono)
File : nvt/ubuntu_826_1.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1200
File : nvt/RHSA_2009_1200.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1201
File : nvt/RHSA_2009_1201.nasl
2009-08-17 Name : Debian Security Advisory DSA 1849-1 (xml-security-c)
File : nvt/deb_1849_1.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8121 (xml-security-c)
File : nvt/fcore_2009_8121.nasl
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8157 (xml-security-c)
File : nvt/fcore_2009_8157.nasl
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8329.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8337.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8456 (xmlsec1)
File : nvt/fcore_2009_8456.nasl
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8473 (xmlsec1)
File : nvt/fcore_2009_8473.nasl
2009-08-17 Name : FreeBSD Ports: mono
File : nvt/freebsd_mono0.nasl
2009-08-17 Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_1201.nasl
2009-08-17 Name : Ubuntu USN-814-1 (openjdk-6)
File : nvt/ubuntu_814_1.nasl
2009-06-03 Name : Solaris Update for pkg utilities 113713-27
File : nvt/gb_solaris_113713_27.nasl
2009-06-03 Name : Solaris Update for NSPR 4.1.6 / NSS 3.3.4.8 114049-14
File : nvt/gb_solaris_114049_14.nasl
2009-06-03 Name : Solaris Update for /usr/bin/ssh 114356-18
File : nvt/gb_solaris_114356_18.nasl
2009-06-03 Name : Solaris Update for /usr/bin/ssh 114357-17
File : nvt/gb_solaris_114357_17.nasl
2009-06-03 Name : Solaris Update for pkg utilities 114568-26
File : nvt/gb_solaris_114568_26.nasl
2009-06-03 Name : Solaris Update for wanboot 117123-08
File : nvt/gb_solaris_117123_08.nasl
2009-06-03 Name : Solaris Update for kernel 120011-14
File : nvt/gb_solaris_120011_14.nasl
2009-06-03 Name : Solaris Update for Kernel 122300-40
File : nvt/gb_solaris_122300_40.nasl
2009-06-03 Name : Solaris Update for Kernel 122301-40
File : nvt/gb_solaris_122301_40.nasl
2009-06-03 Name : Solaris Update for wanboot 122715-02
File : nvt/gb_solaris_122715_02.nasl
2009-06-03 Name : Solaris Update for bootconfchk 123376-01
File : nvt/gb_solaris_123376_01.nasl
2009-06-03 Name : Solaris Update for bootconfchk 123377-01
File : nvt/gb_solaris_123377_01.nasl
2009-06-03 Name : Solaris Update for kernel 127127-11
File : nvt/gb_solaris_127127_11.nasl
2009-06-03 Name : Solaris Update for kernel 127128-11
File : nvt/gb_solaris_127128_11.nasl
2009-05-05 Name : HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
File : nvt/gb_hp_ux_HPSBUX02186.nasl
2009-05-05 Name : HP-UX Update for BIND HPSBUX02219
File : nvt/gb_hp_ux_HPSBUX02219.nasl
2009-01-28 Name : SuSE Update for IBMJava2 SUSE-SA:2007:010
File : nvt/gb_suse_2007_010.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200609-05 (openssl)
File : nvt/glsa_200609_05.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200609-18 (opera)
File : nvt/glsa_200609_18.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200610-06 (nss)
File : nvt/glsa_200610_06.nasl
2008-09-04 Name : FreeBSD Ports: openssl
File : nvt/freebsd_openssl1.nasl
2008-09-04 Name : FreeBSD Ports: opera, opera-devel, linux-opera
File : nvt/freebsd_opera2.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-06:19.openssl.asc)
File : nvt/freebsdsa_openssl3.nasl
2008-01-17 Name : Debian Security Advisory DSA 1173-1 (openssl)
File : nvt/deb_1173_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1174-1 (openssl096)
File : nvt/deb_1174_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-257-02 openssl
File : nvt/esoft_slk_ssa_2006_257_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-310-01 bind
File : nvt/esoft_slk_ssa_2006_310_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
76178 OpenOffice.org (OOo) Out-of-of Bounds Read DOC FIle Handling Remote DoS
70718 OpenOffice.org (OOo) Impress Crafted TGA File Handling Overflow

OpenOffice.org is prone to an overflow condition. The Impress component fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted TGA file, a context-dependent attacker can potentially execute arbitrary code.
70717 OpenOffice.org (OOo) Impress Crafted PNG File Handling Overflow

OpenOffice.org is prone to an overflow condition. The Impress component fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted PNG file, a context-dependent attacker can potentially execute arbitrary code.
70716 OpenOffice.org (OOo) soffice LD_LIBRARY_PATH Zero-length Directory Name Path ...

OpenOffice.org is prone to a flaw in the way it handles a a zero-length directory name in the LD_LIBRARY_PATH. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
70715 OpenOffice.org (OOo) oowriter WW8DopTypography::ReadFromMem Function Crafted ...

OpenOffice.org is prone to an overflow condition. The 'WW8DopTypography::ReadFromMem' function in oowriter fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With specially crafted typography information in a crafted .DOC file which triggers an out-of-bound write, a context-dependent attacker can potentially execute arbitrary code.
70714 OpenOffice.org (OOo) oowriter WW8ListManager::WW8ListManager Function Crafted...

OpenOffice.org is prone to an overflow condition. The WW8ListManager::WW8ListManager function in oowriter fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted .DOC file containing certain WW8 data which triggers an out-of-bounds write, a context-dependent attacker can potentially execute arbitrary code.
70713 OpenOffice.org (OOo) oowriter RTF Document Crafted Tags Use-after-free Overflow

OpenOffice.org is prone to an overflow condition. The suite tool, oowriter, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted RTF file, a context-dependent attacker can potentially execute arbitrary code.
70712 OpenOffice.org (OOo) oowriter RTF Document Malformed Table Use-after-free Ove...

OpenOffice.org is prone to an overflow condition. The suite tool, oowriter, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted RTF document which triggers an out-of-bounds memory read, a context-dependent attacker can potentially execute arbitrary code.
70711 OpenOffice.org (OOo) Multiple File Type Traversal Arbitrary File Overwrite

OpenOffice.org contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via an XSLT JAR filter description file, an Extension (.oxt) file, or possibly other JAR or ZIP files. This directory traversal attack would allow the attacker to overwrite arbitrary files.
67041 OpenOffice.org (OOo) Impress Multiple Unspecified Overflows
65203 OpenOffice.org (OOo) Scripting IDE Python Code Parsing Arbitrary Code Execution
62385 OpenOffice.org (OOo) filter/ww8/ww8par2.cxx sprmTSetBrc Table Boundary Error DoS
62384 OpenOffice.org (OOo) filter/ww8/ww8par2.cxx sprmTDefTable Table Underflow
62383 OpenOffice.org (OOo) filter.vcl/lgif/decode.cxx GIFLZWDecompressor::GIFLZWDec...
62382 OpenOffice.org (OOo) filter.vcl/ixpm/svt_xpmread.cxx XPMReader::ReadXPM Funct...
58211 StarOffice / StarSuite Word Document Table Parsing Heap Overflow
58210 StarOffice / StarSuite Word Document Table Parsing Buffer Overflow
57659 OpenOffice.org (OOo) Word Document Table Parsing Heap Overflow
57658 OpenOffice.org (OOo) Word Document Table Parsing Buffer Overflow
56243 W3C XML Signature Syntax and Processing (XMLDsig) HMACOutputLength Signature ...
55907 Oracle BEA WebLogic Server Web Services Package HMACOutputLength Signature Sp...
55895 Oracle Application Server Security Developer Tools HMACOutputLength Signature...
28549 OpenSSL RSA Key PKCS #1 v1.5 Signature Forgery

OpenSSL contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered due to an error within the verification of certain signatures, if an RSA key with exponent 3 is used it may be possible to forge a PKCS #1 v1.5 signature signed by that key. It is possible that the flaw may allow bypassing security restrictions resulting in a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-06-10 IAVM : 2010-B-0046 - Microsoft .NET Framework Data Tampering Vulnerability
Severity : Category II - VMSKEY : V0024367

Snort® IPS/IDS

Date Description
2015-07-22 OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt
RuleID : 34925 - Revision : 2 - Type : FILE-OFFICE
2015-07-22 OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt
RuleID : 34924 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt
RuleID : 26676 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt
RuleID : 26675 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Apache XML HMAC truncation authentication bypass attempt
RuleID : 21337 - Revision : 4 - Type : SERVER-APACHE
2014-01-10 OpenOffice.org XPM file processing integer overflow attempt
RuleID : 18537 - Revision : 13 - Type : FILE-OTHER
2014-01-10 OpenOffice.org Microsoft Office Word file processing integer underflow attempt
RuleID : 18536 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt
RuleID : 18535 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 OpenOffice Word document table parsing heap buffer overflow attempt
RuleID : 17665 - Revision : 8 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt
RuleID : 17250 - Revision : 18 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows .NET framework XMLDsig data tampering attempt
RuleID : 16636 - Revision : 14 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-44.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150305_libreoffice_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0377.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0377.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0377.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL6623.nasl - Type : ACT_GATHER_INFO
2014-09-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO
2014-07-18 Name : The remote host contains an application that is affected by a vulnerability t...
File : libreoffice_425.nasl - Type : ACT_GATHER_INFO
2014-07-18 Name : The remote host contains an application that is affected by a vulnerability t...
File : macosx_libreoffice_425.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7679.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-446.nasl - Type : ACT_GATHER_INFO
2014-06-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2253-1.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-183.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-187.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_OpenOffice_org-draw-100906.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libreoffice-34-111007.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libreoffice-34-111007.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0661.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1428.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0101.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0643.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0181.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0183.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0705.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1135.nasl - Type : ACT_GATHER_INFO
2013-07-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1901-1.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0062.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0073.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1636.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1637.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1649.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1650.nasl - Type : ACT_GATHER_INFO
2012-12-14 Name : The remote host has an application installed that is affected by multiple vul...
File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2012-09-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-172.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-063.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-091.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-123.nasl - Type : ACT_GATHER_INFO
2012-08-30 Name : The remote Windows host has a program affected by multiple heap-based buffer ...
File : openoffice_341.nasl - Type : ACT_GATHER_INFO
2012-08-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1536-1.nasl - Type : ACT_GATHER_INFO
2012-08-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1537-1.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote Fedora host is missing a security update.
File : fedora_2012-11402.nasl - Type : ACT_GATHER_INFO
2012-08-06 Name : The remote host contains an application that is affected by multiple buffer o...
File : libreoffice_355.nasl - Type : ACT_GATHER_INFO
2012-08-06 Name : The remote host contains an application that is affected by multiple buffer o...
File : macosx_libreoffice_355.nasl - Type : ACT_GATHER_INFO
2012-08-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1135.nasl - Type : ACT_GATHER_INFO
2012-08-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1136.nasl - Type : ACT_GATHER_INFO
2012-08-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2520.nasl - Type : ACT_GATHER_INFO
2012-08-03 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120801_libreoffice_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-03 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120801_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1135.nasl - Type : ACT_GATHER_INFO
2012-08-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1136.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090904_openoffice_org_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090908_xmlsec1_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100212_openoffice_org_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100212_openoffice_org_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100212_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100607_openoffice_org2_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100607_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100823_openoffice_org2_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100823_openoffice_org_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100823_openoffice_org_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110128_openoffice_org_and_openoffice_org2_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110128_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110128_openoffice_org_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_raptor_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120604_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120626_libwpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10590.nasl - Type : ACT_GATHER_INFO
2012-07-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10591.nasl - Type : ACT_GATHER_INFO
2012-07-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1495-1.nasl - Type : ACT_GATHER_INFO
2012-07-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1496-1.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2487.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1043.nasl - Type : ACT_GATHER_INFO
2012-06-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1043.nasl - Type : ACT_GATHER_INFO
2012-06-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-13.nasl - Type : ACT_GATHER_INFO
2012-06-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1480-1.nasl - Type : ACT_GATHER_INFO
2012-06-14 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8114.nasl - Type : ACT_GATHER_INFO
2012-06-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0705.nasl - Type : ACT_GATHER_INFO
2012-06-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0705.nasl - Type : ACT_GATHER_INFO
2012-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8042.nasl - Type : ACT_GATHER_INFO
2012-05-18 Name : The remote Windows host has a program affected by multiple memory corruption ...
File : openoffice_34.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2473.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote host contains an application affected by multiple memory corruptio...
File : libreoffice_353.nasl - Type : ACT_GATHER_INFO
2012-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-061.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote Fedora host is missing a security update.
File : fedora_2012-4663.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-4629.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote host is running an application affected by a data leakage vulnerab...
File : libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote host is running an application affected by a data leakage vulnerab...
File : macosx_libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote host is running an application affected by a data leakage vulnerab...
File : openoffice_2012_0037.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice-345-120316.nasl - Type : ACT_GATHER_INFO
2012-04-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libreoffice-345-8022.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_60f81af3769011e1942300235a5f2c9a.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libraptor-devel-120217.nasl - Type : ACT_GATHER_INFO
2012-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2438.nasl - Type : ACT_GATHER_INFO
2012-03-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote web server may be affected by multiple vulnerabilities.
File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The SSL layer on the remote server does not properly verify signatures.
File : openssl_0_9_7k_0_9_8c.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice-34-111012.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14036.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14049.nasl - Type : ACT_GATHER_INFO
2011-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2315.nasl - Type : ACT_GATHER_INFO
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2006-310-01.nasl - Type : ACT_GATHER_INFO
2011-05-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0182.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice331-110318.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libreoffice331-7365.nasl - Type : ACT_GATHER_INFO
2011-02-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0837.nasl - Type : ACT_GATHER_INFO
2011-02-15 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-027.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_f2b43905354511e08e810022190034c0.nasl - Type : ACT_GATHER_INFO
2011-02-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0181.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1056-1.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0181.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0182.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0183.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2151.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote Windows host has a program affected by multiple vulnerabilities.
File : openoffice_33.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-6469.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-6883.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-6884.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-7079.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-7148.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-090828.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-100225.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-321-100505.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-100907.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_OpenOffice_org-321-090221.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-321-100624.nasl - Type : ACT_GATHER_INFO
2010-11-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-221.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_OpenOffice_org-draw-100906.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_OpenOffice_org-draw-100906.nasl - Type : ACT_GATHER_INFO
2010-08-31 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2099.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0643.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0643.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-269.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO
2010-07-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_OpenOffice_org-100622.nasl - Type : ACT_GATHER_INFO
2010-07-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_OpenOffice_org-base-drivers-postgresql-100622.nasl - Type : ACT_GATHER_INFO
2010-07-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_OpenOffice_org-base-drivers-postgresql-100622.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1847.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1941.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-9576.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-9628.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-9633.nasl - Type : ACT_GATHER_INFO
2010-06-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0459.nasl - Type : ACT_GATHER_INFO
2010-06-09 Name : It is possible to tamper with signed XML content without being detected on th...
File : smb_nt_ms10-041.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2055.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0459.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-949-1.nasl - Type : ACT_GATHER_INFO
2010-06-07 Name : The remote Windows host has an application installed that is affected by mult...
File : openoffice_321.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_OpenOffice_org-100211.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_OpenOffice_org-base-drivers-postgresql-100211.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_OpenOffice_org-base-drivers-postgresql-100216.nasl - Type : ACT_GATHER_INFO
2010-03-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-100226.nasl - Type : ACT_GATHER_INFO
2010-03-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c97d7a37223311df96dd001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-02-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-903-1.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1849.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1880.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1995.nasl - Type : ACT_GATHER_INFO
2010-02-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0101.nasl - Type : ACT_GATHER_INFO
2010-02-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0101.nasl - Type : ACT_GATHER_INFO
2010-02-12 Name : The remote Windows host has a program affected by multiple buffer overflows.
File : openoffice_32.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2009-12-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-322.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
2009-10-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-268.nasl - Type : ACT_GATHER_INFO
2009-10-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-267.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_OpenOffice_org-6421.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-840-1.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-090829.nasl - Type : ACT_GATHER_INFO
2009-09-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1428.nasl - Type : ACT_GATHER_INFO
2009-09-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1428.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_OpenOffice_org-090810.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_OpenOffice_org-math-090810.nasl - Type : ACT_GATHER_INFO
2009-09-04 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9256.nasl - Type : ACT_GATHER_INFO
2009-09-03 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO
2009-09-01 Name : The remote Windows host has a program affected by multiple buffer overflows.
File : openoffice_311.nasl - Type : ACT_GATHER_INFO
2009-08-31 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-090826.nasl - Type : ACT_GATHER_INFO
2009-08-31 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090827.nasl - Type : ACT_GATHER_INFO
2009-08-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-826-1.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO
2009-08-12 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8456.nasl - Type : ACT_GATHER_INFO
2009-08-12 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8473.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO
2009-08-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO
2009-08-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO
2009-08-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8121.nasl - Type : ACT_GATHER_INFO
2009-08-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8157.nasl - Type : ACT_GATHER_INFO
2009-07-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_708c65a57c5811dea9940030843d3802.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote host is missing Sun Security Patch number 141709-03
File : solaris10_141709.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote host is missing Sun Security Patch number 141710-03
File : solaris10_x86_141710.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote host is missing Sun Security Patch number 141709-03
File : solaris9_141709.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote host is missing Sun Security Patch number 141710-03
File : solaris9_x86_141710.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris10_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris9_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO
2008-04-02 Name : The remote Windows host has an application that is affected by multiple issues.
File : vmware_multiple_vmsa_2008_0005.nasl - Type : ACT_GATHER_INFO
2007-12-17 Name : The remote host is affected by multiple vulnerabilities.
File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_bind-2268.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-2163.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-2082.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-339-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_bind-2269.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_compat-openssl097g-2171.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_openssl-2069.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_opera-2181.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125136-97
File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125136-97
File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125136-97
File : solaris9_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 122715-03
File : solaris9_x86_122715.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_35920.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote host is missing Sun Security Patch number 117123-10
File : solaris9_117123.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-166.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-177.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-178.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-207.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2006_055.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2006_061.nasl - Type : ACT_GATHER_INFO
2007-02-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0072.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-1004.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing one or more security updates.
File : fedora_2006-953.nasl - Type : ACT_GATHER_INFO
2006-12-30 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_077c2dca8f9a11dbab33000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-161.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35110.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35111.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35436.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35437.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35458.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35459.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35460.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35461.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35462.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35463.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35480.nasl - Type : ACT_GATHER_INFO
2006-11-22 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_35481.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris10_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 114045-14
File : solaris8_114045.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris8_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119209-36
File : solaris8_119209.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris9_116648.nasl - Type : ACT_GATHER_INFO
2006-10-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200610-06.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1173.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1174.nasl - Type : ACT_GATHER_INFO
2006-09-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1fe734bf4a0611dbb48d00508d6a62df.nasl - Type : ACT_GATHER_INFO
2006-09-15 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2006-257-02.nasl - Type : ACT_GATHER_INFO
2006-09-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0661.nasl - Type : ACT_GATHER_INFO
2006-09-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200609-05.nasl - Type : ACT_GATHER_INFO
2006-09-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0661.nasl - Type : ACT_GATHER_INFO
2005-10-19 Name : The remote host is missing Sun Security Patch number 119213-36
File : solaris10_119213.nasl - Type : ACT_GATHER_INFO
2005-10-19 Name : The remote host is missing Sun Security Patch number 119214-36
File : solaris10_x86_119214.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote host is missing Sun Security Patch number 119211-36
File : solaris9_119211.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote host is missing Sun Security Patch number 119212-36
File : solaris9_x86_119212.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 114049-14
File : solaris9_114049.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 114050-14
File : solaris9_x86_114050.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-09-02 13:24:32
  • Multiple Updates
2014-08-31 17:21:28
  • First insertion