Vulnerabilities > Libreoffice
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-3140 | Argument Injection or Modification vulnerability in multiple products LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. | 6.3 |
| 2022-07-25 | CVE-2022-26305 | Improper Certificate Validation vulnerability in Libreoffice 7.2.0/7.3.0/7.3.1 An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. | 7.5 |
| 2022-07-25 | CVE-2022-26306 | Inadequate Encryption Strength vulnerability in Libreoffice LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 7.5 |
| 2022-07-25 | CVE-2022-26307 | Cleartext Storage of Sensitive Information vulnerability in Libreoffice LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 8.8 |
| 2022-02-24 | CVE-2021-25636 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 7.5 |
| 2021-10-12 | CVE-2021-25634 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 5.0 |
| 2021-10-11 | CVE-2021-25633 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 5.0 |
| 2021-05-03 | CVE-2021-25631 | Unspecified vulnerability in Libreoffice 7.0.4/7.1.0/7.1.1 In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. | 9.3 |
| 2021-01-07 | CVE-2018-18688 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. network low complexity code-industry foxitsoftware gonitro iskysoft libreoffice nuance qoppa soft-xpansion CWE-347 | 5.0 |
| 2020-06-08 | CVE-2020-12803 | Improper Input Validation vulnerability in multiple products ODF documents can contain forms to be filled out by the user. | 6.5 |