23 matches found
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger JavaScript code after fulfilling special conditions: using one of the affected packages ...
runc security update
4:1.1.12-4 - rebuild for CVE-2024-24783 - Resolves: RHEL-28439...
Fedora 39 : ckeditor (2023-426b3a500d)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (October 2023 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...
Fedora: Security Advisory for ckeditor (FEDORA-2023-983ff03630)
The remote host is missing an update for the ...
Fedora 37 : ckeditor (2023-983ff03630)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-983ff03630 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
Fedora 38 : ckeditor (2023-79b5902a52)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79b5902a52 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 6.4.0.0.0 and 7.0.0.0 installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics...
CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439
Description: CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439. Proof of Concept: 1. Go to https://demo.limesurvey.org/tmp/assets/a89a2fb4/ckeditor.js and note that version:"4.20.2". 2. Go to https://github.com/LimeSurvey/LimeSurvey/blob/master/assets/packages/ckeditor/ckeditor.js to verify...
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2023-28439
CKEditor4 contains a cross-site scripting vulnerability affecting the Iframe Dialog and Media Embed plugins. The issue arises from improper input handling and specific initialization/destroy conditions that can trigger JavaScript execution on a page with insufficient CSP. A patch is available in ...
CVE-2022-28439
CVE-2022-28439 affects Baby Care System v1.0. A SQL injection vulnerability exists in the userid parameter of /admin/uesrs.php (query uses userid=4 with action=delete), allowing arbitrary SQL execution. Connected sources (CNVD, NVD, Red Hat, CVE listings, CNVD/CNNVD) consistently describe lack of...
CVE-2021-28439
Windows TCP/IP Driver Denial of Service Vulnerability...
CVE-2021-28439
Windows TCP/IP Driver Denial of Service Vulnerability...
CVE-2021-28439
Technical details for CVE-2021-28439 (Windows TCP/IP Driver DoS) are not present in the provided Connected documents. Public details, affected products/versions, impact, and fixes are not specified here—monitor for updates.
CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability
...
KLA12142 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions, spoof user interface. Below is a...
KB5001389: Windows Server 2008 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27089 - Windows Kernel Information Disclosure Vulnerability CVE-2021-27093, CVE-2021-28309 - Windows Media...
KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Microsoft Internet Messaging API Remote Code...