USN-7258-1: CKEditor vulnerabilities

Read Time:57 Second

Kevin Backhouse discovered that CKEditor did not properly sanitize HTML
content. An attacker could possibly use this issue to perform cross site
scripting and obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-24728)

It was discovered that CKEditor did not properly handle the creation of
editor instances in the Iframe Dialog and Media Embed packages. An
attacker could possibly use this issue to perform cross site scripting
and obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-28439)

It was discovered that CKEditor did not properly handle parsing HTML
content. An attacker could possibly use this issue to perform cross site
scripting and obtain sensitive information.
(CVE-2024-24815, CVE-2024-24816)

It was discovered that CKEditor did not properly sanitize version
notifications. An attacker could possibly use this issue to perform cross
site scripting and obtain sensitive information. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-43411)

ClickFix: How to Infect Your PC in Three Easy Steps

Friday Squid Blogging: SQUID Band

Upcoming Speaking Engagements

LockBit Ransomware Developer Extradited to US

TP-Link Router Botnet

Fraudsters Impersonate Clop Ransomware to Extort Businesses

Cybersecurity Industry Falls Short on Collaboration, Says Former GCHQ Director

Volt Typhoon Accessed US OT Network for Nearly a Year

CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure

USN-7258-1: CKEditor vulnerabilities

OpenIPMI-2.0.36-1.fc41

DSA-5879-1 opensaml – security update

chromium-134.0.6998.88-3.fc42

jupyterlab-4.3.6-1.fc41

jupyterlab-4.3.6-1.fc40

MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution – PATCH NOW – TLP: CLEAR