Search for vulnerabilities
| Vulnerability ID | VCID-sega-433y-v7bb |
| Aliases |
CVE-2019-9851
|
| Summary | security update |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 7.0 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3 | 7.8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9851.json |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| epss | 0.85784 | https://api.first.org/data/v1/epss?cve=CVE-2019-9851 |
| cvssv3 | 5.9 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| Data source | Metasploit |
|---|---|
| Description | LibreOffice comes bundled with sample macros written in Python and allows the ability to bind program events to them. LibreLogo is a macro that allows a program event to execute text as Python code, allowing RCE. This module generates an ODT file with a dom loaded event that, when triggered, will execute arbitrary python code and the metasploit payload. |
| Note | Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects |
| Ransomware campaign use | Unknown |
| Source publication date | July 16, 2019 |
| Platform | Python |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/fileformat/libreoffice_logo_exec.rb |
| Data source | Exploit-DB |
|---|---|
| Date added | Aug. 21, 2019 |
| Description | LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit) |
| Ransomware campaign use | Unknown |
| Source publication date | Aug. 21, 2019 |
| Exploit type | remote |
| Platform | multiple |
| Source update date | Aug. 21, 2019 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.99375 |
| EPSS Score | 0.85784 |
| Published At | April 1, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T13:59:48.699742+00:00 | Debian Oval Importer | Import | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 38.0.0 |