Lucene search
+L

121 matches found

OSV
OSV
added 2019/08/15 10:15 p.m.31 views

CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS6.8AI score0.01925EPSS
Exploits0References9
Prion
Prion
added 2019/08/15 10:15 p.m.23 views

Input validation

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

7.5CVSS9.5AI score0.31215EPSS
Exploits5References9Affected Software5
Prion
Prion
added 2019/08/15 10:15 p.m.24 views

Directory traversal

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

6.8CVSS8.5AI score0.67321EPSS
Exploits10References9Affected Software5
CVE
CVE
added 2019/08/15 9:40 p.m.346 views

CVE-2019-9852

LibreOffice CVE-2019-9852 is an insufficient URL encoding flaw in the allowed script location check for pre-installed macros, which could allow bypassing path verification and executing scripts. Affected products are Document Foundation LibreOffice versions prior to 6.2.6. Remediation per connect...

7.8CVSS8.9AI score0.01925EPSS
Exploits0References9Affected Software4
Debian CVE
Debian CVE
added 2019/08/15 9:40 p.m.42 views

CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS8.9AI score0.01925EPSS
Exploits0
CVE
CVE
added 2019/08/15 9:35 p.m.339 views

CVE-2019-9851

CVE-2019-9851 affects Document Foundation LibreOffice prior to 6.2.6, where documents can specify pre-installed scripts that run on global script events (e.g., document-open). The fixed versions validate global script event handlers equivalently to document script handlers, mitigating the issue. ...

9.8CVSS9.1AI score0.78347EPSS
Exploits4References9Affected Software4
CVE
CVE
added 2019/08/15 9:30 p.m.410 views

CVE-2019-9850

CVE-2019-9850 affects Document Foundation LibreOffice prior to 6.2.6 and is caused by an insufficient URL validation vulnerability that allows triggering LibreLogo from document script events, bypassing prior protections that blocked LibreLogo calls. This enables execution of arbitrary Python cod...

9.8CVSS9.2AI score0.0337EPSS
Exploits0References9Affected Software4
UbuntuCve
UbuntuCve
added 2019/08/15 12:0 a.m.35 views

CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS7.3AI score0.01925EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/08/15 12:0 a.m.48 views

CVE-2019-9850

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

9.8CVSS7.3AI score0.0337EPSS
Exploits0References5
OSV
OSV
added 2019/07/17 12:15 p.m.24 views

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

4.3CVSS9.3AI score0.03149EPSS
Exploits0References9
Prion
Prion
added 2019/07/17 12:15 p.m.22 views

Design/Logic Flaw

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

4CVSS6.5AI score0.03149EPSS
Exploits0References9Affected Software5
Cvelist
Cvelist
added 2019/07/17 11:26 a.m.25 views

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

6.7AI score0.03149EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2019/07/17 11:26 a.m.40 views

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

4.3CVSS6.9AI score0.03149EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/07/17 11:26 a.m.41 views

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

4.3CVSS6.9AI score0.03149EPSS
Exploits0
CVE
CVE
added 2019/07/17 11:21 a.m.259 views

CVE-2019-9848

CVE-2019-9848 affects Document Foundation LibreOffice prior to 6.2.5. It exploits LibreLogo invoked via document event handlers to execute arbitrary Python code contained in a document, enabling remote code execution without user warning. The root cause is the ability for documents to trigger pre...

9.8CVSS9.7AI score0.31215EPSS
Exploits5References10Affected Software1
AlpineLinux
AlpineLinux
added 2019/07/17 11:21 a.m.48 views

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

9.8CVSS10AI score0.31215EPSS
Exploits5
CNVD
CNVD
added 2019/07/17 12:0 a.m.2 views

Libreoffice Arbitrary Code Execution Vulnerability

LibreOffice is an open source office software suite from The Document Foundation TDF. The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. A security vulnerability exists in Document Foundation LibreOffice versions prior to 6.2.5. An attack...

9.8CVSS7.4AI score0.31215EPSS
Exploits5References1
UbuntuCve
UbuntuCve
added 2019/07/16 12:0 a.m.36 views

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

4.3CVSS7AI score0.03149EPSS
Exploits0References3
CNVD
CNVD
added 2018/02/09 12:0 a.m.5 views

LibreOffice Arbitrary File Read Vulnerability

LibreOffice is a free and open source office software suite developed by The Document Foundation TDF. The suite consists of Writer text documents, Calc spreadsheets and Impress presentations and other applications. A security vulnerability exists in LibreOffice 6.0.1 and earlier versions. A remot...

9.8CVSS6.8AI score0.23204EPSS
Exploits5References1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.102 views

The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability(CVE-2016-4324)

SUMMARY An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable application...

6.8CVSS8AI score0.02819EPSS
Exploits1
Rows per page
Query Builder