136 matches found
RHSA-2026:4243 Red Hat Security Advisory: kernel security update
Bulletin has no description...
macOS 10.13.4 (17E199) fgetattrlist Heap Overflow
Proof of concept Metasploit module that exploits a macOS version 10.13.4 heap overflow vulnerability. A kernel heap overflow exists in fgetattrlist due to missing lower-bound buffer size validation when writing returned attributes to caller-supplied memory...
macOS 10.13.4 (17E199) fgetattrlist Heap Overflow
CVE-2018-4243 is a critical kernel heap overflow vulnerability in macOS and iOS affecting the fgetattrlist system call. The vulnerability allows local attackers to trigger kernel heap corruption, potentially leading to kernel panic, privilege escalation, or arbitrary code execution. This particul...
EUVD-2026-4243
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1. This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation...
MiracleLinux 7 : rsyslog-8.24.0-38.el7 (AXSA:2019-4243:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4243:02 advisory. rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881). Tenable has extracted the preceding description block directly fro...
MiracleLinux 4 : kernel-2.6.32-71.18.1.el6 (AXSA:2011-80:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-80:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
DLA-4243-1 batik - security update
Bulletin has no description...
CVE-2022-4243
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2006-4243
linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code...
CVE-2025-4243
A vulnerability, which was classified as critical, has been found in code-projects Online Bus Reservation System 1.0. Affected by this issue is some unknown functionality of the file /print.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The...
CVE-2025-4243
creationtimestamp | type | source
---|---|---
2025-05-03 19:17:10+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14703
2025-05-03 19:41:56+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loc2vuyvd7s2
2025-05-03...
CVE-2025-4243 code-projects Online Bus Reservation System print.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Online Bus Reservation System 1.0. Affected by this issue is some unknown functionality of the file /print.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The...
Oracle Linux 8 : python3 (ELSA-2024-4243)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4243 advisory.
3.12.3-2 - Enable importing of hash-based .pyc files under FIPS mode. Resolves: RHEL-40776
3.12.3-1 - Update to 3.12.3. Related: RHEL-33685
3.12.2-3 - Move all te...
AlmaLinux 8 : python3 (ALSA-2024:4243)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4243 advisory. python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450). Tenable has extracted the preceding description block directly fro...
CVE-2024-4243 Tenda W9 wifiSSIDset formwrlSSIDset stack-based overflow
A vulnerability classified as critical has been found in Tenda W9 1.0.0.74456. Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has be...
CVE-2019-4243
creationtimestamp | type | source
---|---|---
2024-02-26 17:47:22+00:00 | seen | https://t.me/ctinow/193577...
CVE-2023-4243
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
CVE-2023-4243 FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
WordPress FULL Customer Plugin <= 2.2.3 is vulnerable to Broken Access Control
Software: FULL Customer; Type: Plugin; Vulnerable versions: <= 2.2.3; Fixed in: 2.3; OWASP Top 10: A6: Security Misconfiguration; Classification: Broken Access Control; CVE: CVE-2023-4243; Patch priority: High; CVSS severity: High 8.8; PSID: 72dc4e55ce85; Credits: Ramuel Gall; Required privile...
Fedora: Security Advisory for sympa (FEDORA-2023-419ca55dd3)
The remote host is missing an update for the...