Low
CVSS: 0.9
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle
By executing…
Low
CVSS: 2.4
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.
In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures c…
Medium
CVSS: 5.2
An Improper Certificate Validation vulnerability in LibreOffice allowed
an attacker to self sign an ODF document, with a signature untrusted by
the target, then modify it to change the signature algorithm to an
invalid (or unknown to Lib…
High
CVSS: 7.2
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link…
High
CVSS: 7.2
Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.
Medium
CVSS: 6.7
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.
URLs could be constructed which expanded environmental variables or INI file values, so pot…
Low
CVSS: 2.4
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed with ".ttf…