Lucene search
K

118 matches found

OSV
OSV
added 2022/10/11 9:15 p.m.2 views

DEBIAN-CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS6.6AI score0.04354EPSS
Exploits0References1
OSV
OSV
added 2022/07/25 3:15 p.m.8 views

CVE-2022-26305

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the...

7.5CVSS8.8AI score0.00998EPSS
Exploits0References2
CVE
CVE
added 2022/06/14 7:5 a.m.70 views

CVE-2022-27176

The CVE-2022-27176 issue concerns incomplete filtering of special elements in RevoWorks components (SCVX, Browser, Desktop) using the File Sanitization Library/Option. The underlying problem is incomplete filtering that fails to detect/remove Microsoft Excel 4.0 macros, enabling a user to downloa...

7.8CVSS7.5AI score0.00579EPSS
Exploits0References2Affected Software3
Malwarebytes
Malwarebytes
added 2021/12/23 11:36 p.m.25 views

Dridex affiliate dresses up as Scrooge

Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent malicious spam campaigns malspam we and others have observed appear to have been created by someone who wants to play Scrooge and add onto peoples already heightened state of anxiety...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2020/06/11 8:37 p.m.37 views

Microsoft Outlook Users Targeted By Gamaredon's New VBA Macro

The Gamaredon threat group has given its post-compromise toolset a facelift with the addition of a new Visual Basic for Applications VBA macro. The VBA macro leverages compromised victims’ Microsoft Outlook email accounts to send spear-phishing emails to their contacts – rapidly widening the...

7.2AI score
Exploits0References6
The Hacker News
The Hacker News
added 2020/04/20 10:58 a.m.7 views

COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware

A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans RAT capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/03/31 7:54 p.m.2 views

libreoffice: Unsafe URL assembly flaw in allowed script location check

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS5.8AI score0.0193EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/03/31 7:54 p.m.5 views

libreoffice: Insufficient URL decoding flaw in categorizing macro location

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

7.8CVSS6AI score0.03188EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/02/03 9:23 a.m.31 views

CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

7.8CVSS4.1AI score0.03188EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.33 views

Automatic macro execution bug in Office Mac _when_ macros are disabled

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka ‘Microsoft Office Excel Security Feature Bypass’. Recent assessments: busterb at November 14, 2019 10:37pm UTC reported: Saw this on Patrick Wardle’s twitter accou...

7.8CVSS7.4AI score0.03264EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.45 views

EulerOS 2.0 SP5 : libreoffice (EulerOS-SA-2019-2169)

According to the version of the libreoffice packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over,...

7.8CVSS8.3AI score0.0193EPSS
Exploits0References2
OSV
OSV
added 2019/09/27 4:15 p.m.28 views

CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

7.8CVSS9.4AI score0.03188EPSS
Exploits1References17
OSV
OSV
added 2019/09/27 4:15 p.m.9 views

UBUNTU-CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

7.8CVSS7.1AI score0.03188EPSS
Exploits1References5
Prion
Prion
added 2019/09/27 4:15 p.m.20 views

Design/Logic Flaw

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

6.8CVSS7.6AI score0.03188EPSS
Exploits1References17Affected Software1
CVE
CVE
added 2019/09/27 3:7 p.m.294 views

CVE-2019-9853

LibreOffice: CVE-2019-9853 — A URL decoding flaw in how macro URLs are processed and categorized lets an attacker craft a document that bypasses macro security settings, enabling arbitrary macro execution. Affected versions: LibreOffice 6.2 before 6.2.7 and 6.3 before 6.3.1. Remediation: update t...

7.8CVSS8.7AI score0.03188EPSS
Exploits1References17Affected Software1
NVD
NVD
added 2019/09/06 7:15 p.m.19 views

CVE-2019-9854

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS8.5AI score0.0193EPSS
Exploits0References9
OSV
OSV
added 2019/09/06 7:15 p.m.27 views

CVE-2019-9854

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS6.5AI score0.0193EPSS
Exploits0References9
OSV
OSV
added 2019/09/06 7:15 p.m.3 views

DEBIAN-CVE-2019-9854

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS8.2AI score0.0193EPSS
Exploits0References1
CVE
CVE
added 2019/09/06 6:30 p.m.305 views

CVE-2019-9854

CVE-2019-9854 affects LibreOffice before 6.2.7 and before 6.3.1. Root cause: an insufficient URL assembly in the final script location from path components allowed bypassing the sanitized path verification, enabling a directory-traversal-style bypass for pre-installed macros script locations. Imp...

7.8CVSS8.6AI score0.0193EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2019/09/06 12:0 a.m.9 views

UBUNTU-CVE-2019-9854

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS7.2AI score0.0193EPSS
Exploits0References4
Rows per page
Query Builder