Pagina 2 – Azienda Sicura

Lista CVE 2023/41xxx

CVE-2023-41040 (Sandbox escape via various forms of “format” in RestrictedPython)

CVE-2023-41041 (GitPython blind local file inclusion)

CVE-2023-41042 (User session is still usable after logout in graylog2-server )

CVE-2023-41043 (Discourse DoS via remote theme assets)

CVE-2023-41044 (Discourse DoS via SvgSprite cache)

CVE-2023-41045 (Partial path traversal vulnerability in Support Bundle feature of Graylog)

CVE-2023-41046 (Insecure source port usage for DNS queries in Graylog)

CVE-2023-41047 (Velocity execution without script rights in Xwiki platform)

CVE-2023-41048 (Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint)

CVE-2023-41049 (plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images)

CVE-2023-41050 (Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client)

CVE-2023-41051 (Information disclosure through Python’s “format” functionality in Zope AccessControl)

CVE-2023-41052 (Default functions in VolatileMemory trait lack bounds checks in vm-memory)

CVE-2023-41053 (Vyper: incorrect order of evaluation of side effects for some builtins)

CVE-2023-41054 (Redis SORT_RO may bypass ACL configuration)

CVE-2023-41055 (LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php)

CVE-2023-41056 (LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie)

CVE-2023-41057 (Redis vulnerable to integer overflow in certain payloads)

CVE-2023-41058 (Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) in hyper-bump-it)

CVE-2023-41060 (Trigger `beforeFind` not invoked in internal query pipeline in parse-server)

CVE-2023-41081 (Apache Tomcat: Open redirect with FORM authentication)