rpm package
opensuse/libreoffice&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/libreoffice&distro=openSUSE%20Leap%2015.1
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12803 | — | < 6.4.5.2-lp151.3.18.1 | 6.4.5.2-lp151.3.18.1 | Jun 8, 2020 | ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted w | ||
| CVE-2020-12802 | — | < 6.4.5.2-lp151.3.18.1 | 6.4.5.2-lp151.3.18.1 | Jun 8, 2020 | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a documen | ||
| CVE-2020-12801 | — | < 6.4.4.2-lp151.3.15.1 | 6.4.4.2-lp151.3.15.1 | May 18, 2020 | If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was | ||
| CVE-2019-9853 | — | < 6.3.3.2-lp151.3.9.1 | 6.3.3.2-lp151.3.9.1 | Sep 27, 2019 | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categori | ||
| CVE-2019-9855 | — | < 6.2.7.1-lp151.3.6.1 | 6.2.7.1-lp151.3.6.1 | Sep 6, 2019 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be | ||
| CVE-2019-9854 | — | < 6.2.7.1-lp151.3.6.1 | 6.2.7.1-lp151.3.6.1 | Sep 6, 2019 | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of th | ||
| CVE-2019-9852 | — | < 6.2.7.1-lp151.3.6.1 | 6.2.7.1-lp151.3.6.1 | Aug 15, 2019 | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of th | ||
| CVE-2019-9851 | — | < 6.2.7.1-lp151.3.6.1 | 6.2.7.1-lp151.3.6.1 | Aug 15, 2019 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document eve | ||
| CVE-2019-9850 | — | < 6.2.7.1-lp151.3.6.1 | 6.2.7.1-lp151.3.6.1 | Aug 15, 2019 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be | ||
| CVE-2019-9849 | — | < 6.2.7.1-lp151.3.6.1 | 6.2.7.1-lp151.3.6.1 | Jul 17, 2019 | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a documen | ||
| CVE-2019-9848 | — | < 6.2.7.1-lp151.3.6.1 | 6.2.7.1-lp151.3.6.1 | Jul 17, 2019 | LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into e | ||
| CVE-2018-16858 | — | < 6.2.5.2-lp151.3.3.4 | 6.2.5.2-lp151.3.3.4 | Mar 25, 2019 | It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python metho |
- CVE-2020-12803Jun 8, 2020affected < 6.4.5.2-lp151.3.18.1fixed 6.4.5.2-lp151.3.18.1
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted w
- CVE-2020-12802Jun 8, 2020affected < 6.4.5.2-lp151.3.18.1fixed 6.4.5.2-lp151.3.18.1
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a documen
- CVE-2020-12801May 18, 2020affected < 6.4.4.2-lp151.3.15.1fixed 6.4.4.2-lp151.3.15.1
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was
- CVE-2019-9853Sep 27, 2019affected < 6.3.3.2-lp151.3.9.1fixed 6.3.3.2-lp151.3.9.1
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categori
- CVE-2019-9855Sep 6, 2019affected < 6.2.7.1-lp151.3.6.1fixed 6.2.7.1-lp151.3.6.1
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be
- CVE-2019-9854Sep 6, 2019affected < 6.2.7.1-lp151.3.6.1fixed 6.2.7.1-lp151.3.6.1
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of th
- CVE-2019-9852Aug 15, 2019affected < 6.2.7.1-lp151.3.6.1fixed 6.2.7.1-lp151.3.6.1
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of th
- CVE-2019-9851Aug 15, 2019affected < 6.2.7.1-lp151.3.6.1fixed 6.2.7.1-lp151.3.6.1
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document eve
- CVE-2019-9850Aug 15, 2019affected < 6.2.7.1-lp151.3.6.1fixed 6.2.7.1-lp151.3.6.1
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be
- CVE-2019-9849Jul 17, 2019affected < 6.2.7.1-lp151.3.6.1fixed 6.2.7.1-lp151.3.6.1
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a documen
- CVE-2019-9848Jul 17, 2019affected < 6.2.7.1-lp151.3.6.1fixed 6.2.7.1-lp151.3.6.1
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into e
- CVE-2018-16858Mar 25, 2019affected < 6.2.5.2-lp151.3.3.4fixed 6.2.5.2-lp151.3.3.4
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python metho