SUSE CVE-2015-8543

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service NULL function pointer dereference and system crash or possibly gain...

DEBIAN-CVE-2023-22485

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validateprotocol function. We believe this bug is harmless in practice, because the out-of-bounds...

Router can perform swaps, add/remove liquidity to pools that do not belong to the protocol.

Lines of code Vulnerability details Impact Users can lose their funds PoC In UniswapV3 decodeFirstPool returns the tuple address tokenOut, address tokenIn, uint24 fee . From there it lookups the corresponding pool address with getPooltokenIn, tokenOut, fee which may not exist. See However, in you...

urijs: Leading white space bypasses protocol validation

An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation...

CVE-2022-41706

CVE-2022-41706 affects Browsershot version 3.57.2, where the URL protocol passed to Browsershot::url is not validated. This allows an external attacker to remotely obtain arbitrary local files. The available documents describe the vulnerability and impact (remote local file access) but do not pro...

CVE-2022-41706 Browsershot 3.57.2 - Server Side XSS to LFR via URL

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...

PT-2022-26035 · Unknown · Browsershot

Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.2 Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...

Joplin Remote Code Execution

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before...

CVE-2022-40277

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before...

AMD System Management Mode 数据伪造问题漏洞

AMD System Management Mode is a system management mode from AMD in the United States. It is a CPU execution mode. A security vulnerability exists in AMD System Management Mode that stems from a failure to validate a protocol in SMM, which could allow an attacker to take control of the protocol an...

Leading white space bypasses protocol validation

Impact Whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly and protocol validation mechanisms may fail. Patches Patched in 1.19.9 Workarounds Remove leading whitespace from values before passing them to URI.parse e.g. via .hrefvalue or new...

GHSA-GMV4-R438-P67F Leading white space bypasses protocol validation

Impact Whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly and protocol validation mechanisms may fail. Patches Patched in 1.19.9 Workarounds Remove leading whitespace from values before passing them to URI.parse e.g. via .hrefvalue or new...

Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields

Impact When saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with javascript: URLs...

PYSEC-2021-114

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

npmjs-url-parse: Improper validation of protocol of the returned URL

An input validation flaw exists in the node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. An attacker could use this flaw to bypass security checks on URLs...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0.10 Jaeger and Kiali security update

An update for Jaeger and Kiali is now available for Openshift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services RDS for Windows operating systems arises due to errors in checking RDS service requests during RDP protocol connections. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests to the RDS...

CVE-2018-14339

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation...

OracleVM 3.2 : kernel-uek (OVMSA-2016-0060)

The remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times Ajaykumar Hotchandani - IB/ipoib: Change send workqueue size for CM mode Ajaykumar Hotchandani Orabug: 22287489 - Avoid 60sec timeout when receiving rtpg sen...

Unbreakable Enterprise kernel security update

2.6.39-400.278.3 - net: add validation for the socket syscall protocol argument Hannes Frederic Sowa Orabug: 23267976 CVE-2015-8543 CVE-2015-8543 - ipv6: addrconf: validate new MTU before applying it Marcelo Leitner Orabug: 23263251 CVE-2015-8215 - ext4: avoid hang when mounting non-journal...