| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-12803 | 4.3 |
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which
|
31-12-2023 - 14:15 | 08-06-2020 - 16:15 | |
| CVE-2012-2665 | 7.5 |
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Do
|
13-02-2023 - 04:33 | 06-08-2012 - 18:55 | |
| CVE-2014-3693 | 7.5 |
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP p
|
13-02-2023 - 00:42 | 07-11-2014 - 19:55 | |
| CVE-2016-0795 | 9.3 |
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
|
12-02-2023 - 23:16 | 18-02-2016 - 21:59 | |
| CVE-2015-1774 | 6.8 |
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-
|
07-02-2022 - 16:32 | 28-04-2015 - 14:59 | |
| CVE-2018-10583 | 5.0 |
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg with
|
21-10-2020 - 13:15 | 01-05-2018 - 16:29 | |
| CVE-2019-9854 | 6.8 |
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script
|
24-08-2020 - 17:37 | 06-09-2019 - 19:15 | |
| CVE-2018-6871 | 5.0 |
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
|
03-10-2019 - 00:03 | 09-02-2018 - 06:29 | |
| CVE-2018-16858 | 7.5 |
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice
|
06-08-2019 - 17:15 | 25-03-2019 - 18:29 | |
| CVE-2017-3157 | 4.3 |
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections
|
08-05-2019 - 18:51 | 20-11-2017 - 20:29 | |
| CVE-2017-7870 | 7.5 |
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
|
05-01-2018 - 02:31 | 14-04-2017 - 04:59 | |
| CVE-2015-5214 | 6.8 |
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC
|
01-07-2017 - 01:29 | 10-11-2015 - 17:59 |