VYPR

Libreoffice Online

by The Document Foundation

Source repositories

CVEs (35)

  • CVE-2021-25634HigOct 12, 2021
    risk 0.49cvss 7.5epss 0.01

    LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice…

  • CVE-2021-25633HigOct 11, 2021
    risk 0.49cvss 7.5epss 0.01

    LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice…

  • CVE-2019-9854HigSep 6, 2019
    risk 0.44cvss 7.8epss 0.02

    LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of…

  • CVE-2024-12426MedJan 7, 2025
    risk 0.42cvss 6.5epss 0.01

    Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be…

  • CVE-2020-12803MedJun 8, 2020
    risk 0.42cvss 6.5epss 0.02

    ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted…

  • CVE-2022-3140MedOct 11, 2022
    risk 0.41cvss 6.3epss 0.04

    LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed…

  • CVE-2025-2866MedApr 27, 2025
    risk 0.36cvss 5.5epss 0.00

    Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be…

  • CVE-2021-25635MedMar 21, 2025
    risk 0.36cvss 5.5epss 0.00

    An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice…

  • CVE-2024-3044MedMay 14, 2024
    risk 0.35cvss 6.5epss 0.01

    Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed…

  • CVE-2023-2255MedMay 25, 2023
    risk 0.35cvss 5.3epss 0.02

    Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to…

  • CVE-2020-12802MedJun 8, 2020
    risk 0.35cvss 5.3epss 0.02

    LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a…

  • CVE-2020-12801MedMay 18, 2020
    risk 0.35cvss 5.3epss 0.01

    If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document…

  • CVE-2019-9849MedJul 17, 2019
    risk 0.28cvss 4.3epss 0.03

    LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a…

  • CVE-2024-12425LowJan 7, 2025
    risk 0.21cvss 3.3epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that…

  • CVE-2015-4551Nov 10, 2015
    risk 0.01cvss epss 0.14

    LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which…

Page 2 of 2