121 matches found
CVE-2019-9852
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
Input validation
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...
Directory traversal
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
CVE-2019-9852
LibreOffice CVE-2019-9852 is an insufficient URL encoding flaw in the allowed script location check for pre-installed macros, which could allow bypassing path verification and executing scripts. Affected products are Document Foundation LibreOffice versions prior to 6.2.6. Remediation per connect...
CVE-2019-9852
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
CVE-2019-9851
CVE-2019-9851 affects Document Foundation LibreOffice prior to 6.2.6, where documents can specify pre-installed scripts that run on global script events (e.g., document-open). The fixed versions validate global script event handlers equivalently to document script handlers, mitigating the issue. ...
CVE-2019-9850
CVE-2019-9850 affects Document Foundation LibreOffice prior to 6.2.6 and is caused by an insufficient URL validation vulnerability that allows triggering LibreLogo from document script events, bypassing prior protections that blocked LibreLogo calls. This enables execution of arbitrary Python cod...
CVE-2019-9852
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
Design/Logic Flaw
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
CVE-2019-9848
CVE-2019-9848 affects Document Foundation LibreOffice prior to 6.2.5. It exploits LibreLogo invoked via document event handlers to execute arbitrary Python code contained in a document, enabling remote code execution without user warning. The root cause is the ability for documents to trigger pre...
CVE-2019-9848
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...
Libreoffice Arbitrary Code Execution Vulnerability
LibreOffice is an open source office software suite from The Document Foundation TDF. The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. A security vulnerability exists in Document Foundation LibreOffice versions prior to 6.2.5. An attack...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
LibreOffice Arbitrary File Read Vulnerability
LibreOffice is a free and open source office software suite developed by The Document Foundation TDF. The suite consists of Writer text documents, Calc spreadsheets and Impress presentations and other applications. A security vulnerability exists in LibreOffice 6.0.1 and earlier versions. A remot...
The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability(CVE-2016-4324)
SUMMARY An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable application...