EUVD-2025-7377

Malicious code in bioql PyPI...

CVE-2025-1080

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with...

PT-2025-9702 · Document Foundation +9 · Libreoffice +9

Name of the Vulnerable Software and Affected Versions: LibreOffice versions 24.8 through 24.8.4 LibreOffice versions 25.2 through 25.2.0 Description: The issue affects LibreOffice's integration with MS SharePoint server, where an additional scheme 'vnd.libreoffice.command' was added to support...

Rocky Linux 8 : libreoffice (RLSA-2023:0089)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0089 advisory. - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only...

Debian dla-3368 : fonts-opensymbol - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3368 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3368-1 [email protected]...

GLSA-202212-04 : LibreOffice: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202212-04 LibreOffice: Arbitrary Code Execution - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffi...

Updated libreoffice packages fix security vulnerability

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

SUSE SLED15 / SLES15 Security Update : libreoffice (SUSE-SU-2022:3650-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3650-1 advisory. - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was...

CVE-2022-3140

A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...

Debian DSA-5252-1 : libreoffice - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5252 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific t...

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

Design/Logic Flaw

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVE-2022-3140 Macro URL arbitrary script execution

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

sharepoint-xss.txt

Hi! I think this is a XSS in MS SharePoint, you can reproduce it in SharePoint test server using for example following url: http://www.example.com/sharepoint/default.aspx/%22;iftruealert%22qwertytis This is due a lack of string stripping when putting the path into javascript. It seems to work at...