80 matches found
CKEditor 4.0 < 4.17.0 Multiple Vulnerabilities - Windows
CKEditor is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
DEBIAN-CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
Hardcoded credentials
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
UBUNTU-CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
Affected packages The vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter ACF core module. The vulnerability allowed to inject malforme...
PT-2021-6875 · Unknown +1 · Ckeditor 4 +1
Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.17.0 Description: The issue is related to the Advanced Content Filter ACF module in CKEditor 4, which fails to properly protect the structure of web pages. This allows a remote attacker to bypass existing access...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-011
The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal, along with a hotfix for that update. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can...
Denial Of Service
gpac is vulnerable to denial of service. The vulnerability exists due to an exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82985)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82984)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...
DEBIAN-CVE-2021-21848
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause a...
CVE-2021-21834
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting i...
UBUNTU-CVE-2021-21841
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic...
UBUNTU-CVE-2021-21849
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked...
UBUNTU-CVE-2021-21835
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgp” FOURCC can cause an integer overflow due to unchecked arithmetic...
CVE-2021-21849
GPAC library (GPAC Project on Advanced Content), version 1.0.1, contains an exploitable integer overflow in MPEG‑4 decoding for atoms using tfra (and related FOURCCs), leading to a heap‑based buffer overflow and memory corruption. The flaw is triggered by specially crafted MPEG‑4 input and can be...
CVE-2021-21840
GPAC Project on Advanced Content (GPAC) library v1.0.1 contains a vulnerability in MPEG-4 decoding. A crafted MPEG-4 input targeting the saio FOURCC can trigger an integer overflow, leading to a heap-based buffer overflow and memory corruption. The issue is exploitable when a user opens a malicio...
CVE-2021-21836
CVE-2021-21836 concerns the GPAC Project on Advanced Content library (GPAC) v1.0.1. The vulnerability is a heap-based buffer overflow triggered by an exploitable integer overflow in the MPEG-4 decoding path when processing the ctts atom/FOURCC, due to unchecked arithmetic. This can lead to memory...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2022-03633)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering.GPAC Project on Advanced Content is vulnerable to an integer overflow vulnerability that originates from an...