MINI-4397-8VFX-FQ46
Bulletin has no description...
CVE-2025-4397
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...
CVE-2026-4397
creationtimestamp | type | source
---|---|---
2026-03-25 14:30:08+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchgeqhw23...
XenServer Security Update for CVE-2026-4397
Severity: Medium. Description of Problem: An issue has been identified in XenServer 8.4 which, when starting a VM on a host with limited available memory, may allow a privileged user in that newly starting VM to access memory data of a previously terminated VM. This issue has the following...
EUVD-2026-4397
Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail (kama-thumbnail) allows Cross Site Request Forgery. This issue affects Kama Thumbnail: from n/a through <= 3.5.1...
MiracleLinux 4 : libtar-1.2.11-17.AXS4.1 (AXSA:2014-078:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-078:01 advisory. libtar is a C library for manipulating tar archives. It supports both the strict POSIX tar format and many of the commonly-used GNU extensions. Security issue...
CVE-2009-4397
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pdresources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CGA-H4J4-4397-8RFH
Bulletin has no description...
CVE-2022-4397
A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...
CVE-2024-4397
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...
WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Arbitrary File Upload
Software: LearnPress | Type: Plugin | Vulnerable versions: <= 4.2.6.5 | Fixed in: 4.2.6.6 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-4397 | Patch priority: Medium | CVSS severity: Medium 9.1 | Developer: Claim ownership | PSID: e486f6c14d9b | Credits: JoanClarke2 | Required privilege...
CVE-2019-4397
creationtimestamp | type | source
---|---|---
2024-01-27 10:41:42+00:00 | seen | https://t.me/ctinow/174733...
Zyxel USG / ATP < 5.37 Buffer Overflow
Firmware version of the Zyxel USG or ATP device is less than 5.37. This means the Zyxel device is vulnerable to the following buffer overflow vulnerability: - A buffer overflow vulnerability could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS)...
CVE-2023-4397
The CVE-2023-4397 issue is a buffer overflow in Zyxel ATP/USG firmware (5.37 primarily) that can be triggered by an authenticated local attacker with administrator privileges via crafted CLI strings, leading to DoS. Affected: Zyxel ATP series, USG FLEX series, USG FLEX 50(W), USG20(W)-VPN; root c...
CVE-2021-4397
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...
CVE-2021-4397 Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...
CVE-2021-4397
CVE-2021-4397 affects the WordPress Staff Directory Plugin up to version 3.6, where CSRF is possible due to missing/incorrect nonce validation in saveCustomFields(). Unauthenticated attackers could trigger saving custom fields by tricking an admin. Mitigation per connected data: update to a versi...
K16015326: libtar vulnerability CVE-2013-4397
Security Advisory Description: Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer...
CVE-2022-4397
creationtimestamp | type | source
---|---|---
2022-12-11 09:23:53+00:00 | seen | https://t.me/cibsecurity/54258...
CVE-2022-4397
The CVE-2022-4397 entry concerns morontt zend-blog-number-2, where a vulnerability in the Comment Handler (file application/forms/Comment.php) allows cross-site request forgery. The issue arises from a manipulation of an unknown function in that file, with remote execution of the CSRF attack poss...