9 matches found
SUSE CVE-2026-46024
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
CVE-2026-46024
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
UBUNTU-CVE-2026-46024
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
CVE-2026-46024
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
WordPress Input Validation Error Vulnerability (CNVD-2020-03945)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the 'wpksesbadprotocol' function in the wp-includes/kses.php file in...
PT-2019-5222 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.3.1 Description: The issue is related to the wp kses bad protocol function in WordPress, which mishandles the HTML5 colon named entity. This allows attackers to bypass input sanitization. For example, the...
Design/Logic Flaw
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content...
CVE-2014-10065
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content...
CVE-2014-10065
The CVE-2014-10065 entry concerns the remarkable Markdown parser. Affected: versions before 1.4.1. Root cause: input handling failed to properly restrict link protocols, permitting javascript: URLs to be injected into rendered content (XSS). Impact/notes: enables cross-site scripting via crafted ...