Lucene search
K

80 matches found

OpenVAS
OpenVAS
added 2021/11/18 12:0 a.m.23 views

CKEditor 4.0 < 4.17.0 Multiple Vulnerabilities - Windows

CKEditor is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS5.9AI score0.0147EPSS
Exploits0References2
OSV
OSV
added 2021/11/17 7:15 p.m.2 views

DEBIAN-CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

5.4CVSS6.9AI score0.01257EPSS
Exploits0References1
Prion
Prion
added 2021/11/17 7:15 p.m.65 views

Hardcoded credentials

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

3.5CVSS6AI score0.01257EPSS
Exploits0References8Affected Software10
ATTACKERKB
ATTACKERKB
added 2021/11/17 7:15 p.m.3 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.6AI score0.01257EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2021/11/17 7:15 p.m.2 views

UBUNTU-CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.7AI score0.01257EPSS
Exploits0References6
RubySec
RubySec
added 2021/11/17 12:0 a.m.4 views

Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

Affected packages The vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter ACF core module. The vulnerability allowed to inject malforme...

8.2CVSS6.9AI score0.01257EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/17 12:0 a.m.8 views

PT-2021-6875 · Unknown +1 · Ckeditor 4 +1

Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.17.0 Description: The issue is related to the Advanced Content Filter ACF module in CKEditor 4, which fails to properly protect the structure of web pages. This allows a remote attacker to bypass existing access...

8.2CVSS6.6AI score0.01257EPSS
Exploits0References25
Drupal
Drupal
added 2021/11/17 12:0 a.m.44 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-011

The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal, along with a hotfix for that update. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can...

8.2CVSS6.1AI score0.0147EPSS
Exploits0References16
Veracode
Veracode
added 2021/09/02 6:59 p.m.25 views

Denial Of Service

gpac is vulnerable to denial of service. The vulnerability exists due to an exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library...

8.8CVSS4.7AI score0.01695EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2021/08/26 12:0 a.m.24 views

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82985)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

6.8CVSS3.7AI score0.01703EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2021/08/26 12:0 a.m.16 views

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82984)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

6.8CVSS3.7AI score0.01695EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/08/25 7:15 p.m.4 views

DEBIAN-CVE-2021-21848

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause a...

8.8CVSS8.4AI score0.01695EPSS
Exploits1References1
OSV
OSV
added 2021/08/25 7:15 p.m.20 views

CVE-2021-21834

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting i...

8.8CVSS7AI score
Exploits0References2
OSV
OSV
added 2021/08/25 7:15 p.m.3 views

UBUNTU-CVE-2021-21841

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic...

8.8CVSS7.6AI score0.01703EPSS
Exploits1References5
OSV
OSV
added 2021/08/25 7:15 p.m.3 views

UBUNTU-CVE-2021-21849

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked...

8.8CVSS7.6AI score0.01695EPSS
Exploits1References5
OSV
OSV
added 2021/08/25 7:15 p.m.3 views

UBUNTU-CVE-2021-21835

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgp” FOURCC can cause an integer overflow due to unchecked arithmetic...

8.8CVSS7.5AI score0.0143EPSS
Exploits1References5
CVE
CVE
added 2021/08/25 6:24 p.m.100 views

CVE-2021-21849

GPAC library (GPAC Project on Advanced Content), version 1.0.1, contains an exploitable integer overflow in MPEG‑4 decoding for atoms using tfra (and related FOURCCs), leading to a heap‑based buffer overflow and memory corruption. The flaw is triggered by specially crafted MPEG‑4 input and can be...

8.8CVSS8.6AI score0.01695EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/08/25 6:21 p.m.93 views

CVE-2021-21840

GPAC Project on Advanced Content (GPAC) library v1.0.1 contains a vulnerability in MPEG-4 decoding. A crafted MPEG-4 input targeting the saio FOURCC can trigger an integer overflow, leading to a heap-based buffer overflow and memory corruption. The issue is exploitable when a user opens a malicio...

8.8CVSS8.6AI score0.01695EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/08/25 6:21 p.m.73 views

CVE-2021-21836

CVE-2021-21836 concerns the GPAC Project on Advanced Content library (GPAC) v1.0.1. The vulnerability is a heap-based buffer overflow triggered by an exploitable integer overflow in the MPEG-4 decoding path when processing the ctts atom/FOURCC, due to unchecked arithmetic. This can lead to memory...

8.8CVSS8.6AI score0.01695EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2021/08/23 12:0 a.m.30 views

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2022-03633)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering.GPAC Project on Advanced Content is vulnerable to an integer overflow vulnerability that originates from an...

8.8CVSS2.7AI score0.01695EPSS
Exploits1References1
Rows per page
Query Builder