Lista CVE 2023/49xxx

CVE nel gruppo: 49xxx

CVE-2023-49085 (N/A)

CVE-2023-49086 (Cacti SQL Injection vulnerability)

CVE-2023-49087 (Cacti is vulnerable to cross-Site scripting (XSS) DOM)

CVE-2023-49088 (Validation of SignedInfo)

CVE-2023-49089 (Cacti has incomplete fix for CVE-2023-39515)

CVE-2023-49090 (Umbraco CMS possible path traversal when creating packages from backoffice)

CVE-2023-49091 (CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS)

CVE-2023-49092 (Jwttoken in Cosmos server never expires after password changed and logging out)

CVE-2023-49093 (RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels)

CVE-2023-49094 (HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL)

CVE-2023-49095 (Symbolicator Server Side Request Forgery vulnerability)

CVE-2023-49096 (nexkey allows arbitrary users to impersonate any remote user due to missing signature validation)

CVE-2023-49097 (Argument Injection in FFmpeg codec parameters in Jellyfin)

CVE-2023-49098 (ZITADEL vulnerable account takeover via malicious host header injection)

CVE-2023-49099 (Reaction data for user notifications exposed in Discourse-reactions)

CVE-2023-49100 (Discourse secure uploads accessible to guests even when login is required)

CVE-2023-49101 (N/A)

CVE-2023-49102 (N/A)

CVE-2023-49103 (N/A)

CVE-2023-49104 (N/A)

CVE-2023-49105 (N/A)

CVE-2023-49106 (N/A)

CVE-2023-49107 (Missing Password Field Masking Vulnerability in Hitachi Device Manager)

CVE-2023-49108 (Generation of Error Message Containing Sensitive Information Vulnerability in Hitachi Device Manager)

CVE-2023-49109 (N/A)

CVE-2023-49110 (Remote Code Execution in Apache Dolphinscheduler)

CVE-2023-49111 (XML External Entity Injection in Kiuwan SAST)

CVE-2023-49112 (Reflected Cross-Site-Scripting in Kiuwan SAST)

CVE-2023-49113 (Insecure Direct Object Reference in Kiuwan SAST)

CVE-2023-49114 (Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer)

CVE-2023-49115 (Local Privilege Escalation via DLL Hijacking)

CVE-2023-49117 (MachineSense FeverWarn Missing Authentication for Critical Function)

CVE-2023-49118 (N/A)

CVE-2023-49119 (Dsoftbus has an out-of-bounds read vulnerability)

CVE-2023-49121 (N/A)

CVE-2023-49122 (N/A)

CVE-2023-49123 (N/A)

CVE-2023-49124 (N/A)

CVE-2023-49125 (N/A)

CVE-2023-49126 (N/A)

CVE-2023-49127 (N/A)

CVE-2023-49128 (N/A)

CVE-2023-49129 (N/A)

CVE-2023-49130 (N/A)

CVE-2023-49131 (N/A)

CVE-2023-49132 (N/A)

CVE-2023-49133 (N/A)

CVE-2023-49134 (N/A)

CVE-2023-49135 (N/A)

CVE-2023-49140 (multimedia player has a UAF vulnerability)

CVE-2023-49141 (N/A)

CVE-2023-49142 (N/A)

CVE-2023-49143 (multimedia audio has a UAF vulnerability)

CVE-2023-49144 (N/A)

CVE-2023-49145 (N/A)

CVE-2023-49146 (Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt)

CVE-2023-49147 (N/A)

CVE-2023-49148 (N/A)

CVE-2023-49149 (WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-49150 (WordPress Currency Converter Calculator Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS))