Lucene search
Redhat.comRH:CVE-2019-9852HistoryAug 23, 2019 - 4:52 a.m.
CVE-2019-9852
2019-08-2304:52:13
redhat.com
access.redhat.com
26
0.963 High
EPSS
Percentile
99.6%
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
Related
nvd
nvd
debiancve
debiancve
cvelist
cvelist
CVE-2018-16858
2019-03-25 17:43:08
CVE-2019-9854 Unsafe URL assembly flaw in allowed script location check
2019-09-06 00:00:00
cve
cve
ubuntucve
ubuntucve
prion
prion
Directory traversal
2019-08-15 22:15:00
Directory traversal
2019-03-25 18:29:00
Directory traversal
2019-09-06 19:15:00
osv
osv
CVE-2019-9852
2019-08-15 22:15:22
libreoffice - security update
2019-02-08 00:00:00
CVE-2018-16858
2019-03-25 18:29:00
alpinelinux
alpinelinux
CVE-2019-9852
2019-08-15 22:15:22
CVE-2019-9854
2019-09-06 19:15:11
debian
debian
[SECURITY] [DSA 4501-1] libreoffice security update
2019-08-15 20:05:33
[SECURITY] [DSA 4381-1] libreoffice security update
2019-02-02 18:24:32
[SECURITY] [DLA 1669-1] libreoffice security update
2019-02-08 21:29:11
nessus
nessus
Debian DSA-4501-1 : libreoffice - security update
2019-08-20 00:00:00
SUSE SLED15 / SLES15 Security Update : libreoffice (SUSE-SU-2019:2003-1)
2019-08-12 00:00:00
CentOS 7 : libreoffice (CESA-2019:2130)
2019-08-30 00:00:00
thn
thn
Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software
2019-02-05 11:11:00
Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again
2019-08-16 09:19:00
malwarebytes
malwarebytes
New critical vulnerability discovered in open-source office suites
2019-02-06 17:16:50
redhat
redhat
(RHSA-2019:2130) Low: libreoffice security and bug fix update
2019-08-06 08:04:23
(RHSA-2020:1598) Moderate: libreoffice security and bug fix update
2020-04-28 08:55:11
(RHSA-2020:1151) Moderate: libreoffice security and bug fix update
2020-03-31 09:25:19
metasploit
metasploit
LibreOffice Macro Code Execution
2019-04-12 19:01:29
LibreOffice Macro Python Code Execution
2019-07-30 21:07:20
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1894-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2019-0102)
2022-01-28 00:00:00
LibreOffice RCE Vulnerability (Feb 2019) - Mac OS X
2019-02-07 00:00:00
suse
suse
Security update for LibreOffice (moderate)
2019-08-18 00:00:00
Security update for libreoffice (important)
2019-09-03 00:00:00
Security update for libreoffice (moderate)
2019-09-25 00:00:00
centos
centos
autocorr, libreoffice, libreofficekit security update
2019-08-30 03:27:17
autocorr, libreoffice, libreofficekit security update
2020-04-08 18:36:06
redhatcve
redhatcve
CVE-2018-16858
2019-02-03 03:49:24
CVE-2019-9854
2019-11-07 17:25:52
veracode
veracode
Denial Of Service
2020-04-01 00:38:31
Directory Traversal
2019-08-08 00:07:51
kaspersky
kaspersky
KLA11407 ACE vulnerability in LibreOffice
2019-02-01 00:00:00
KLA11542 Multiple vulnerabilities in LibreOffice
2019-08-15 00:00:00
packetstorm
packetstorm
LibreOffice Macro Code Execution
2019-04-17 00:00:00
LibreOffice Macro Python Code Execution
2019-08-20 00:00:00
oraclelinux
oraclelinux
libreoffice security and bug fix update
2019-08-13 00:00:00
libreoffice security and bug fix update
2020-05-05 00:00:00
libreoffice security and bug fix update
2020-04-06 00:00:00
attackerkb
attackerkb
LibreOffice Macro Code Execution
2019-03-25 00:00:00
checkpoint_advisories
checkpoint_advisories
LibreOffice and Openoffice Remote Code Execution (CVE-2018-16858)
2019-02-04 00:00:00
mageia
mageia
Updated libreoffice packages fix security vulnerability
2019-02-22 04:08:50
Updated libreoffice packages fix security vulnerabilities
2019-11-30 16:06:06
zdt
zdt
LibreOffice 6.0.7 / 6.1.3 - Macro Code Execution Exploit
2019-04-18 00:00:00
LibreOffice < 6.2.6 Macro - Python Code Execution Exploit
2019-08-21 00:00:00
exploitdb
exploitdb
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)
2019-04-18 00:00:00
LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)
2019-08-21 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libreoffice-6.0.7.3-1.fc28
2019-02-08 02:31:05
[SECURITY] Fedora 30 Update: libreoffice-6.2.6.2-1.fc30
2019-08-18 00:56:11
[SECURITY] Fedora 29 Update: libreoffice-6.1.6.3-3.fc29
2019-08-25 03:03:59
ubuntu
ubuntu
LibreOffice vulnerabilities
2019-08-19 00:00:00
LibreOffice vulnerabilities
2019-02-06 00:00:00
exploitpack
exploitpack
LibreOffice 6.2.6 Macro - Python Code Execution (Metasploit)
2019-08-21 00:00:00