Vulnerabilities > Libreoffice > Libreoffice > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-17 | CVE-2024-7788 | Improper Verification of Cryptographic Signature vulnerability in Libreoffice Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5. | 7.8 |
2023-12-11 | CVE-2023-6185 | Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. | 8.8 |
2023-12-11 | CVE-2023-6186 | Improper Preservation of Permissions vulnerability in multiple products Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. | 8.8 |
2023-05-25 | CVE-2023-0950 | Improper Validation of Array Index vulnerability in multiple products Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. | 7.8 |
2022-07-25 | CVE-2022-26305 | Improper Certificate Validation vulnerability in Libreoffice 7.2.0/7.3.0/7.3.1 An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. | 7.5 |
2022-07-25 | CVE-2022-26306 | Use of Insufficiently Random Values vulnerability in multiple products LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 7.5 |
2022-07-25 | CVE-2022-26307 | LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 8.8 |
2022-02-24 | CVE-2021-25636 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 7.5 |
2021-10-12 | CVE-2021-25634 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 7.5 |
2021-10-11 | CVE-2021-25633 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 7.5 |