Lucene search
K

89 matches found

Veracode
Veracode
added 2021/01/27 5:34 a.m.33 views

Regular Expression Denial Of Service (ReDoS)

ckeditor4 is vulnerable to regular expression denial of service. An insecure usage of the regular expression allows an attacker to crash the user's browser through excessive memory consumption by tricking a user into pasting a malicious text into nto the editor, and then press Enter or Space in t...

6.5CVSS4.6AI score0.02223EPSS
Exploits0References5Affected Software3
NVD
NVD
added 2021/01/26 9:15 p.m.28 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS6.5AI score0.02223EPSS
Exploits0References5
OSV
OSV
added 2021/01/26 9:15 p.m.3 views

DEBIAN-CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS6.9AI score0.02223EPSS
Exploits0References1
OSV
OSV
added 2021/01/26 9:15 p.m.32 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS6.8AI score
Exploits0References5
Prion
Prion
added 2021/01/26 9:15 p.m.59 views

Design/Logic Flaw

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

4.3CVSS6.6AI score0.02223EPSS
Exploits0References5Affected Software10
UbuntuCve
UbuntuCve
added 2021/01/26 9:15 p.m.41 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS7AI score0.02223EPSS
Exploits0References2
OSV
OSV
added 2021/01/26 9:15 p.m.3 views

UBUNTU-CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS7.2AI score0.02223EPSS
Exploits0References3
CVE
CVE
added 2021/01/26 8:39 p.m.648 views

CVE-2021-26272

CVE-2021-26272 is a ReDoS in CKEditor 4 Autolink: by pasting crafted URL-like text and pressing Enter/Space, a victim can trigger a denial-of-service. The publicly documented detail confirms CKEditor 4.x up to before 4.16 is affected; remediation is to upgrade to CKEditor 4.16+ or apply a fix as ...

6.5CVSS6.6AI score0.02223EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2021/01/26 8:39 p.m.37 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS6.7AI score0.02223EPSS
Exploits0
Cvelist
Cvelist
added 2021/01/26 8:39 p.m.46 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

7AI score0.02223EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.7 views

CKEditor Security Vulnerabilities

CKEditor is an open source, web-based text editor. A security vulnerability exists in CKEditor versions prior to 4.16, which is triggered by tricking a victim into pasting edited url-like text into the editor and then pressing enter or space in the Autolink plugin...

6.5CVSS6.7AI score0.02223EPSS
Exploits0References14
Malwarebytes
Malwarebytes
added 2018/05/10 7:58 p.m.2876 views

Internet Explorer zero-day: browser is once again under attack

Update 2018-05-25: CVE-2018-8174 has been added to the RIG exploit kit MDNC. Update 2018-05-22: Security researcher Richard Warren mentioned that a fully working IE zero-day now patched with payload was uploaded to VirusTotal. We decided to test Malwarebytes against it, since last time we only ha...

9.3CVSS8.3AI score0.99933EPSS
Exploits48
NVD
NVD
added 2017/10/19 8:29 a.m.14 views

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS5.9AI score0.00923EPSS
Exploits1References1
Prion
Prion
added 2017/10/19 8:29 a.m.15 views

Design/Logic Flaw

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

4.3CVSS5.8AI score0.00923EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2017/10/19 8:29 a.m.8 views

PYSEC-2017-80

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/10/19 8:29 a.m.2 views

DEBIAN-CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References1
OSV
OSV
added 2017/10/19 8:29 a.m.5 views

UBUNTU-CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.4AI score0.00923EPSS
Exploits1References3
OSV
OSV
added 2017/10/19 8:29 a.m.24 views

PYSEC-2017-80

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS3.6AI score0.00923EPSS
Exploits1References2
CVE
CVE
added 2017/10/19 8:0 a.m.90 views

CVE-2017-15612

The CVE relates to Mistune Python package: mistune.py in Mistune 0.7.4 contains an XSS vulnerability triggered by an unexpected newline (e.g., java\nscript:) or crafted email addresses, tied to escape and autolink handling. Connected sources document this vulnerability and show mitigations: openS...

6.1CVSS5.7AI score0.00923EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/10/19 8:0 a.m.36 views

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

5.9AI score0.00923EPSS
Exploits1References1
Rows per page
Query Builder