CVSS: 9.8EPSS: 97%CPEs: 10EXPL: 1CVE-2019-9851 – LibreLogo global-event script execution
https://notcve.org/view.php?id=CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. • https://www.exploit-db.com/exploits/47298 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://seclists.org/bugtraq/2019/Aug/28 htt • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9850 – Insufficient url validation allowing LibreLogo script execution
https://notcve.org/view.php?id=CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVSDPZJG3UA43X3JXRHJAWXLDZEW77LM https://seclists.org/bugtraq/2019/Aug/28 https://usn.ubun • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2019-9849 – libreoffice: Remote resources protection module not applied to bullet graphics
https://notcve.org/view.php?id=CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. LibreOffice presenta un "stealth mode" en el que solo los documentos desde ubicaciones consideradas "trusted" pueden recuperar recursos remotos. • https://github.com/mbadanoiu/CVE-2019-9849 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://www.securityfocus.com/bid/109374 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 17%CPEs: 9EXPL: 0CVE-2019-9848 – libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
https://notcve.org/view.php?id=CVE-2019-9848
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://www.securityfocus.com/bid/109374 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP https://seclists.org&#x • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9847 – Executable hyperlink targets executed unconditionally on activation
https://notcve.org/view.php?id=CVE-2019-9847
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. Una vulnerabilidad en el procesamiento de hipervínculos de LibreOffice permite a un atacante construir documentos que contengan hipervínculos que apunten a la ubicación de un ejecutable en el sistema de archivos de los usuarios victimas. • https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847 • CWE-20: Improper Input Validation •