121 matches found
MINI-QXM4-2438-767R
Bulletin has no description...
AlmaLinux 10 : pcs (ALSA-2026:2438)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:2438 advisory. lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465). Tenable has extracted the preceding description block directly from the AlmaLinux securit...
RHEL 10 : pcs (RHSA-2026:2438)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2438 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: prototype pollution i...
EUVD-2020-2438
Malware in sbrugna...
CVE-2009-2438
Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399...
CVE-2007-2438
creationtimestamp | type | source
---|---|---
2025-04-10 19:09:41+00:00 | seen | https://gist.github.com/eduardoarakaki/a203f83ced3b0992af6de67c2eeeb7a3...
Oracle Linux 9 : pam (ELSA-2024-2438)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2438 advisory. - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21244 Tenable has extracted the preceding description...
RHEL 9 : pam (RHSA-2024:2438)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2438 advisory. Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle...
CVE-2023-2438
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...
CVE-2023-2438
CVE-2023-2438 : A CSRF flaw in the WordPress plugin UserPro (WordPress,
WordPress Userpro Plugin <= 5.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.0; Fixed in: 5.1.1; OWASP Top 10: A8: Cross Site Request Forgery (CSRF); Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2438; Patch priority: Low; CVSS severity: Low (6.1); PSID: c77096ae6f7c; Credits: István Márton...
K49405623: Linux vulnerability CVE-2002-2438
Security Advisory Description: TCP firewalls could be circumvented by sending SYN packets with other flags (e.g. the RST flag) set, which were not correctly discarded by the Linux TCP stack after firewalling. (CVE-2002-2438) Impact: There is no impact; F5 products are not affected by this...
SUSE CVE-2007-2653
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2438. Reason: This candidate is a duplicate of CVE-2007-2438. Notes: All CVE users should reference CVE-2007-2438 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
SUSE CVE-2014-2438
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication...
CVE-2022-2438
creationtimestamp | type | source
---|---|---
2022-09-06 22:13:16+00:00 | seen | https://t.me/cibsecurity/49329...
CVE-2022-2438
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including, 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...
CVE-2022-2438
The CVE-2022-2438 entry concerns the WordPress Broken Link Checker plugin (versions up to 1.11.16). Root cause: deserialization of untrusted input via the '$log_file' value, which can be used with a PHAR wrapper to deserialize data and call arbitrary PHP objects. This requires an authenticated at...
Ubuntu: Security Advisory (USN-2438-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Mageia: Security Advisory (MGASA-2014-0239)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2438)
Summary: An Oracle Database Server security vulnerability has been addressed in IBM Emptoris Sourcing. Vulnerability Details: CVEID: CVE-2021-2438 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to cause a...