Test ID:	1.3.6.1.4.1.25623.1.0.845289
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5340-1)
Summary:	The remote host is missing an update for the 'ckeditor' package(s) announced via the USN-5340-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ckeditor' package(s) announced via the USN-5340-1 advisory. Vulnerability Insight: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. (CVE-2018-9861) Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9281) Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 21.10. (CVE-2021-32808) Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code. (CVE-2021-32809) Or Sahar discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-33829) Mika Kulmala discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37695) Affected Software/OS: 'ckeditor' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-9861 BugTraq ID: 103924 http://www.securityfocus.com/bid/103924 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Common Vulnerability Exposure (CVE) ID: CVE-2020-9281 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/ https://github.com/ckeditor/ckeditor4 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021.html Common Vulnerability Exposure (CVE) ID: CVE-2021-32808 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/ https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2 Common Vulnerability Exposure (CVE) ID: CVE-2021-32809 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg Common Vulnerability Exposure (CVE) ID: CVE-2021-33829 https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2021-37695 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.