Vulnerabilities > Libreoffice > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-03 | CVE-2021-25631 | Unspecified vulnerability in Libreoffice 7.0.4/7.1.0/7.1.1 In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. | 9.3 |
2019-09-06 | CVE-2019-9855 | Channel and Path Errors vulnerability in multiple products LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. | 9.8 |
2019-08-15 | CVE-2019-9851 | Improper Input Validation vulnerability in multiple products LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. | 9.8 |
2019-08-15 | CVE-2019-9850 | Improper Input Validation vulnerability in multiple products LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. | 9.8 |
2019-07-17 | CVE-2019-9848 | Code Injection vulnerability in multiple products LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. | 9.8 |
2014-08-26 | CVE-2014-3524 | Command Injection vulnerability in multiple products Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | 9.3 |
2011-07-21 | CVE-2011-2685 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libreoffice Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file. | 9.3 |