81 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-4395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past...
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to...
EUVD-2026-4395
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd. 'tpm2_load_cmd' allocates a temporary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob with a cleanup helper...
CVE-2023-4395
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4...
Debian dla-4395 : krita - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4395 advisory. Debian LTS Advisory DLA-4395-1 https://www.debian.org/lts/security/...
DLA-4395-1 krita - security update
Bulletin has no description...
CVE-2025-4395
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access/modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025...
CVE-2025-4395 Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access/modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025...
CVE-2025-4395
Medtronic MyCareLink Patient Monitor (models 24950/24952) is affected by CVE-2025-4395 due to a built-in user account with an empty password, enabling a physically present attacker to log in without authentication and modify system functionality. Affected component: built-in user account on the d...
CVE-2022-4395
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...
CVE-2018-4395
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...
CVE-2009-4395
Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...
CGA-4395-8975-MGHJ
Bulletin has no description...
CVE-2022-4395
creationtimestamp | type | source
---|---|---
2023-11-27 23:59:07+00:00 | seen | https://t.me/arpsyndicate/615
2024-09-19 15:32:04+00:00 | published-proof-of-concept | Telegram/M-RM6JUeRS-yLbXH47dffFKYpTJTdkiqAiI6xYlcLmjs7Mv7LQ
2024-09-19 15:32:09+00:00 | published-proof-of-concept | ...
CVE-2023-4395
Cockpit XSS vulnerability (CVE-2023-4395) affects cockpit-hq/cockpit prior to version 2.6.4. The issue is a Stored XSS in the web UI, caused by input not being properly escaped in templates, allowing an authenticated attacker to inject JavaScript into Cockpit pages (Veracode description). Public ...
CVE-2023-4395 Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4...