
82 matches found

OSV
added 2019/07/17 12:15 p.m., 21 views

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

9.8 CVSS, 9.7 AI score, 0.81357 EPSS
Exploits 5, References 10
Debian CVE
added 2019/07/17 11:21 a.m., 26 views

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

9.8 CVSS, 9 AI score, 0.81357 EPSS
Exploits 5
AlpineLinux
added 2019/07/17 11:21 a.m., 41 views

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

9.8 CVSS, 10 AI score, 0.81357 EPSS
Exploits 5
CNVD
added 2019/07/17 12:0 a.m., 1 views

Libreoffice Arbitrary Code Execution Vulnerability

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer (text documents), Calc (spreadsheets) and Impress (presentations). A security vulnerability exists in Document Foundation LibreOffice versions prior to 6.2.5. An attack...

9.8 CVSS, 7.4 AI score, 0.81357 EPSS
Exploits 5, References 1
UbuntuCve
added 2019/07/16 12:0 a.m., 35 views

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

9.8 CVSS, 7.2 AI score, 0.81357 EPSS
Exploits 5, References 3
OSV
added 2019/07/16 12:0 a.m., 0 views

UBUNTU-CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

9.8 CVSS, 7.2 AI score, 0.81357 EPSS
Exploits 5, References 4
NVD
added 2019/03/21 8:29 p.m., 10 views

CVE-2019-7537

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution...

9.8 CVSS, 9.8 AI score, 0.03539 EPSS
Exploits 1, References 2
Prion
added 2019/03/21 8:29 p.m., 15 views

Design/Logic Flaw

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution...

7.5 CVSS, 9.8 AI score, 0.03539 EPSS
Exploits 1, References 2, Affected Software 1
CNVD
added 2018/08/29 12:0 a.m., 1 views

conference-scheduler-cli Command Execution Vulnerability

conference-scheduler-cli is a command line tool for managing conference schedules. A security vulnerability exists in the importscheduledefinition method of the io.py file in conference-scheduler-cli. A remote attacker can exploit this vulnerability to execute arbitrary python commands with the...

7.8 CVSS, 7.9 AI score, 0.00844 EPSS
Exploits 1, References 1
Github Security Blog
added 2018/07/18 6:28 p.m., 20 views

Unsafe deserialization in confire

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8 CVSS, 9.4 AI score, 0.01919 EPSS
Exploits 1, References 6, Affected Software 1
OSV
added 2018/07/13 4:1 p.m., 0 views

GHSA-GCR6-RF47-JRGF Loaded Databook of Tablib prone to python insertion resulting in command execution

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...

9.8 CVSS, 6.1 AI score, 0.01427 EPSS
Exploits 2, References 7
OSV
added 2018/07/13 4:1 p.m., 12 views

GHSA-CCMQ-QVCP-5MRM Unsafe deserialization in owlmixin

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

9.8 CVSS, 9.9 AI score, 0.02016 EPSS
Exploits 1, References 7
OSV
added 2018/07/13 4:1 p.m., 13 views

GHSA-XPM8-98MX-H4C5 Unsafe deserialization in MLAlchemy

An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...

9.8 CVSS, 9.9 AI score, 0.00896 EPSS
Exploits 0, References 6
Github Security Blog
added 2018/07/13 3:16 p.m., 22 views

django_make_app is vulnerable to Code Injection

An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...

9.8 CVSS, 9.5 AI score, 0.03068 EPSS
Exploits 1, References 6, Affected Software 1
Github Security Blog
added 2018/07/13 3:16 p.m., 35 views

Code injection in ansible

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...

7.8 CVSS, 5 AI score, 0.00465 EPSS
Exploits 1, References 8, Affected Software 1
OSV
added 2018/07/13 3:16 p.m., 22 views

GHSA-C2W9-48QC-QPJ4 Code injection in ansible

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...

8.5 CVSS, 7.9 AI score, 0.00465 EPSS
Exploits 1, References 9
CNVD
added 2017/11/13 12:0 a.m., 1 views

Confire config.py File Arbitrary Command Execution Vulnerability

Confire is a set of application configuration tools built on Scapy, Django and other configuration parsers. A security vulnerability in the YAML parsing function of the config.py file in Confire version 0.2.0 stems from the program using the 'yaml.load' function to load user-specific configuratio...

9.8 CVSS, 7.6 AI score, 0.01919 EPSS
Exploits 1, References 1
Veracode
added 2017/11/11 12:11 a.m., 13 views

Remote Code Execution (RCE)

djangomakeapp is vulnerable to remote code execution (RCE) attacks. The attacks can happen because the ioutils.py file allows users to parse a yaml file to generate django apps, allowing attackers to inject and execute arbitrary python commands through the yaml.load function of the YAML parser...

9.8 CVSS, 9.8 AI score, 0.03068 EPSS
Exploits 1, References 4, Affected Software 1
Prion
added 2017/11/10 9:29 a.m., 12 views

Input validation

An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...

7.5 CVSS, 9.8 AI score, 0.03068 EPSS
Exploits 1, References 2, Affected Software 1
Prion
added 2017/11/10 9:29 a.m., 11 views

Input validation

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

7.5 CVSS, 9.8 AI score, 0.01919 EPSS
Exploits 1, References 3, Affected Software 1