Vulnerabilities > Libreoffice
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-11 | CVE-2023-6185 | Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. | 8.8 |
| 2023-12-11 | CVE-2023-6186 | Improper Preservation of Permissions vulnerability in multiple products Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. | 8.8 |
| 2023-07-10 | CVE-2023-1183 | Path Traversal vulnerability in multiple products A flaw was found in the Libreoffice package. | 5.5 |
| 2023-05-25 | CVE-2023-0950 | Improper Validation of Array Index vulnerability in multiple products Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. | 7.8 |
| 2023-05-25 | CVE-2023-2255 | Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. | 5.3 |
| 2022-10-11 | CVE-2022-3140 | Argument Injection or Modification vulnerability in multiple products LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. | 6.3 |
| 2022-07-25 | CVE-2022-26305 | Improper Certificate Validation vulnerability in Libreoffice 7.2.0/7.3.0/7.3.1 An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. | 7.5 |
| 2022-07-25 | CVE-2022-26306 | Use of Insufficiently Random Values vulnerability in multiple products LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 7.5 |
| 2022-07-25 | CVE-2022-26307 | LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 8.8 |
| 2022-02-24 | CVE-2021-25636 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 7.5 |