CVSS: 9.8EPSS: 85%CPEs: 9EXPL: 0CVE-2019-9848 – libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
https://notcve.org/view.php?id=CVE-2019-9848
17 Jul 2019 — LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silen... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 6%CPEs: 9EXPL: 1CVE-2019-9849 – libreoffice: Remote resources protection module not applied to bullet graphics
https://notcve.org/view.php?id=CVE-2019-9849
17 Jul 2019 — LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. LibreOffice presenta un "stealth mode" en el que solo los... • https://github.com/mbadanoiu/CVE-2019-9849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9847 – Executable hyperlink targets executed unconditionally on activation
https://notcve.org/view.php?id=CVE-2019-9847
09 May 2019 — A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. Thi... • https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 92%CPEs: 2EXPL: 7CVE-2018-16858 – LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution
https://notcve.org/view.php?id=CVE-2018-16858
04 Feb 2019 — It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directori... • https://packetstorm.news/files/id/152560 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14939
https://notcve.org/view.php?id=CVE-2018-14939
05 Aug 2018 — The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. La función get_app_path en desktop/unx/source/start.c en LibreOffice hasta la versión 6.0.5 gestiona... • http://www.securityfocus.com/bid/105047 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 63%CPEs: 10EXPL: 6CVE-2018-10583 – LibreOffice/Open Office - '.odt' Information Disclosure
https://notcve.org/view.php?id=CVE-2018-10583
01 May 2018 — An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Ocurre una vulnerabilidad de divulgación de información cuando LibreOffice 6.0.3 y Apache OpenOffice Writer 4.1.5 procesan automáticamente e inician una conexión SMB embebida en un archivo malicioso, ... • https://packetstorm.news/files/id/180738 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-10119 – libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10119
15 Apr 2018 — sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. sot/source/sdstor/stgstrms.cxx en LibreOffice, en versiones anteriores a la 5.4.5.1 y versiones 6.x anteriores a la 6.0.1.1, emplea un tipo de dato... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-10120 – libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10120
15 Apr 2018 — The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. La función SwCTBWrapper::Read en sw/source/filter/ww8/ww8toolbar.cxx en LibreOffice, en versiones anteriores a la 5.4.6.1 y vers... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 50%CPEs: 22EXPL: 3CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
08 Feb 2018 — LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosur... • https://packetstorm.news/files/id/146319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-14226
https://notcve.org/view.php?id=CVE-2017-14226
09 Sep 2017 — WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. WP1StylesListener.cpp, WP5StylesListener.cpp, y WP42StylesListener.cpp en libwpd 0.10.1 no gestiona iteradores correctamente, lo... • https://bugs.documentfoundation.org/show_bug.cgi?id=112269 • CWE-125: Out-of-bounds Read •