GHSA-4HGW-F49W-4349 vulnerabilities

Vulnerabilities for packages: chromium...

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

MiracleLinux 7 : java-11-openjdk-11.0.5.10-0.el7 (AXSA:2019-4349:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4349:04 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004349 advisory. An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfqidleslicetimerbody. Tenable has extracted th...

CGA-PCWJ-4349-3CP5

Bulletin has no description...

EUVD-2018-4349

Malware in sbrugna...

CVE-2022-4349

A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-4349

creationtimestamp| type| source ---|---|--- 2025-05-06 12:20:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15096 2025-05-06 14:21:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loj3eoi4xy2h 2025-05-06 16:09:26+00:00| seen|...

CVE-2021-4349

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into...

Oracle Linux 9 : kernel (ELSA-2024-4349)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4349 advisory. - xen-netfront: Add missing skbmarkforrecycle Vitaly Kuznetsov RHEL-37626 RHEL-36573 CVE-2024-27393 - net/mlx5e: fix a potential double-free in...

CVE-2024-4349

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...

CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0234-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : opera (openSUSE-SU-2023:0251-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0251-1 advisory. - Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process...

KLA61310 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Audio can be exploited to cause denial of servi...

Chromium: CVE-2023-4349 Use after free in Device Trust Connectors

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Debian: Security Advisory (DSA-5479-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-5479-1 : chromium - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5479 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For...

CVE-2023-4349

creationtimestamp| type| source ---|---|--- 2023-08-17 15:06:22+00:00| seen| https://t.me/truesecator/4742...

CVE-2023-4349

CVE-2023-4349 : Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Affected product is Chrome (Chromium-based). The issue is addressed by updating to the latest Chrome/Chromium bui...