Apache open10/12/2023 (CVE-2022-47052) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version Solution Upgrade to Apache OpenOffice version 4.1.14 or later. In the affected versions of OpenOffice, approval for certain links is not requested when activated, such links could therefore result in arbitrary script execution. The execution of such links must be subject to user approval. Links can be activated by clicks, or by automatic document events. Several URI Schemes are defined for this purpose. Apache OpenOffice, a leading Open Source office document productivity suite, announced today Apache OpenOffice 4.1.13, as usual available in 41 languages for Windows, macOS and Linux. (CVE-2022-38745) - Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. The Apache Directory Project provides directory solutions entirely written in Java. This may lead to run arbitrary Java code from the current directory. (CVE-2022-40674) - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. It is, therefore, affected by multiple vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Description The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. All code donations from external organisations and existing external projects seeking to join the Apache community enter through the Incubator. Synopsis The remote Windows host has an application installed that is affected by multiple vulnerabilities. The Apache Incubator is the primary entry path into The Apache Software Foundation for projects and their communities wishing to become part of the Foundation’s efforts.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |