CVE Vulnerabilities for reMarkable
CVE | Published | Severity | Details | Exploitability | Impact | Vector |
---|---|---|---|---|---|---|
CVE‑2019‑12043 | 2019‑05‑13 14:29:02 | MEDIUM (4) | In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL. | 0 | 0 | NETWORK |
CVE‑2019‑12041 | 2019‑05‑13 13:29:02 | HIGH (8) | lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. | 4 | 4 | NETWORK |
CVE‑2017‑16006 | 2018‑06‑04 19:29:01 | MEDIUM (4) | Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute JavaScript. | 0 | 0 | NETWORK |
CVE‑2014‑10065 | 2018‑05‑31 20:29:00 | MEDIUM (4) | Certain input, when passed into remarkable before 1.4.1, will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content. | 0 | 0 | NETWORK |
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.