CVE list 2023/49xxx
CVEs in group: 49xxx
CVE-2023-49052 (N/A)
CVE-2023-49058 (N/A)
CVE-2023-49060 (Directory Traversal vulnerability in SAP Master Data Governance)
CVE-2023-49061 (N/A)
CVE-2023-49062 (N/A)
CVE-2023-49068 (N/A)
CVE-2023-49069 (Apache DolphinScheduler: Information Leakage Vulnerability)
CVE-2023-49070 (N/A)
CVE-2023-49073 (Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present)
CVE-2023-49074 (N/A)
CVE-2023-49075 (N/A)
CVE-2023-49076 (Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls)
CVE-2023-49077 (Pimcore missing token/header to prevent CSRF)
CVE-2023-49078 (mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation)
CVE-2023-49079 (Cross-Site Scripting vulnerability in raptor-web 0.4.4)
CVE-2023-49080 (Misskey’s missing signature validation allows arbitrary users to impersonate any remote user.)
CVE-2023-49081 (Jupyter Server errors include tracebacks with path information)
CVE-2023-49082 (aiohttp’s ClientSession is vulnerable to CRLF injection via version)
CVE-2023-49083 (aiohttp’s ClientSession is vulnerable to CRLF injection via method)
CVE-2023-49084 (cryptography vulnerable to NULL-dereference when loading PKCS7 certificates)
CVE-2023-49085 (Local File Inclusion (RCE) in Cacti)
CVE-2023-49086 (Cacti SQL Injection vulnerability)
CVE-2023-49087 (Cacti is vulnerable to cross-Site scripting (XSS) DOM)
CVE-2023-49088 (Validation of SignedInfo)
CVE-2023-49089 (Cacti has incomplete fix for CVE-2023-39515)
CVE-2023-49090 (Umbraco CMS possible path traversal when creating packages from backoffice)
CVE-2023-49091 (CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS)
CVE-2023-49092 (Jwttoken in Cosmos server never expires after password changed and logging out)
CVE-2023-49093 (RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels)
CVE-2023-49094 (HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL)
CVE-2023-49095 (Symbolicator Server Side Request Forgery vulnerability)
CVE-2023-49096 (nexkey allows arbitrary users to impersonate any remote user due to missing signature validation)
CVE-2023-49097 (Argument Injection in FFmpeg codec parameters in Jellyfin)
CVE-2023-49098 (ZITADEL vulnerable account takeover via malicious host header injection)
CVE-2023-49099 (Reaction data for user notifications exposed in Discourse-reactions)
CVE-2023-49100 (Discourse secure uploads accessible to guests even when login is required)
CVE-2023-49101 (N/A)
CVE-2023-49102 (N/A)
CVE-2023-49103 (N/A)
CVE-2023-49104 (N/A)