{"vulnerability": "cve-2023-4929", "sightings": [{"uuid": "654d793c-9448-4d61-b879-201b13e5dfc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-49291", "type": "seen", "source": "https://gist.github.com/krstp/6674b8ed7627efed95a167a099a0b67b", "content": "", "creation_timestamp": "2025-03-18T15:27:29.000000Z"}, {"uuid": "423737b7-8811-46e7-bde5-6a3064322882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49293", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mihlnmjq6h2f", "content": "", "creation_timestamp": "2026-04-01T21:02:37.122036Z"}, {"uuid": "60ea0704-3c10-472b-af4b-8b6484563e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/cibsecurity/74035", "content": "\u203c\ufe0fCVE-2023-49299\u203c\ufe0f\n\nImproper Input Validation vulnerability in Apache DolphinScheduler. An\u00a0authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler until 3.1.9.  Users are recommended to upgrade to version 3.1.9, which fixes the issue.  \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-31T01:32:20.000000Z"}, {"uuid": "c959de00-f02d-4a53-8116-3f4bac12be64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4345", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-49299\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache DolphinScheduler. An\u00a0authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.\n\ud83d\udccf Published: 2023-12-30T18:30:37Z\n\ud83d\udccf Modified: 2025-02-13T19:30:08Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-49299\n2. https://github.com/apache/dolphinscheduler/pull/15228\n3. https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2\n4. https://github.com/apache/dolphinscheduler\n5. https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm\n6. http://www.openwall.com/lists/oss-security/2024/02/23/3", "creation_timestamp": "2025-02-13T20:15:46.000000Z"}, {"uuid": "5dddd8e0-675b-4da5-a329-a48b2a2d019d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49298", "type": "seen", "source": "https://t.me/ctinow/155426", "content": "https://ift.tt/mSgCKNp\nCVE-2023-49298 | OpenZFS up to 2.1.13/2.2.1 /etc/hosts.deny access control (ID 15526)", "creation_timestamp": "2023-12-16T15:17:59.000000Z"}, {"uuid": "195f4c95-54ec-42c4-ba90-c0f10e0e35fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/ctinow/170860", "content": "https://ift.tt/oyjEn6L\nCVE-2023-49299 | Apache DolphinScheduler up to 3.1.9 code injection", "creation_timestamp": "2024-01-21T15:16:15.000000Z"}, {"uuid": "0e18dd40-3993-4a89-8ff3-adbc21bf00cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4929", "type": "seen", "source": "https://t.me/cibsecurity/71510", "content": "\u203c CVE-2023-4929 \u203c\n\nAll firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T18:46:19.000000Z"}, {"uuid": "2491291d-aaa0-4e75-9b46-1a20444da42c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49292", "type": "seen", "source": "https://t.me/ctinow/158808", "content": "https://ift.tt/Nkqm7l1\nCVE-2023-49292 | ecies go 2.0.8 Encapsulate/Decapsulate/ECDH information disclosure (GHSA-8j98-cjfr-qx3h)", "creation_timestamp": "2023-12-23T13:11:28.000000Z"}, {"uuid": "9f0bc99e-9b95-4f8a-ae6d-4709dd78c93e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49295", "type": "seen", "source": "https://t.me/ctinow/174969", "content": "https://ift.tt/zYuyRVh\nCVE-2023-49295 | quic-go Path Validation denial of service", "creation_timestamp": "2024-01-28T15:26:38.000000Z"}, {"uuid": "59beb6bb-ae1a-407e-b34c-d78ef8a3771a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49291", "type": "seen", "source": "https://t.me/ctinow/158804", "content": "https://ift.tt/rg9cPdK\nCVE-2023-49291 | tj-actions branch-names up to 7.0.6 input validation (GHSA-8v8w-v8xg-79rf)", "creation_timestamp": "2023-12-23T12:41:37.000000Z"}, {"uuid": "9ca9a03d-dc18-478e-a5c7-1c4d66ba7f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/ctinow/160938", "content": "https://ift.tt/Ej9h34p\nCVE-2023-49299", "creation_timestamp": "2023-12-30T18:26:12.000000Z"}, {"uuid": "c34e7e6f-dcfe-4584-b5ef-2bb841d7aebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49297", "type": "seen", "source": "https://t.me/ctinow/159037", "content": "https://ift.tt/WTjIk14\nCVE-2023-49297 | iterative PyDrive2 1.17.0 YAML deserialization (GHSA-v5f6-hjmf-9mc5)", "creation_timestamp": "2023-12-24T15:26:19.000000Z"}, {"uuid": "5c80b106-8cb9-4e98-a110-b25cbd57d68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49295", "type": "seen", "source": "https://t.me/ctinow/166367", "content": "https://ift.tt/gfd1W3E\nCVE-2023-49295", "creation_timestamp": "2024-01-11T08:46:30.000000Z"}, {"uuid": "1419ebac-d9cf-4036-8a9b-126002d07ced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49298", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9649", "content": "#exploit\n1. CVE-2023-51385:\nSSH ProxyCommand == unexpected code execution\nhttps://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html\n\n2. CVE-2023-49298:\nOpenZFS security bypass\nhttps://github.com/openzfs/zfs/pull/15571", "creation_timestamp": "2024-12-24T01:14:04.000000Z"}, {"uuid": "2e9d7005-df91-4442-8f81-e2acd3ea9254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49296", "type": "seen", "source": "https://t.me/ctinow/165790", "content": "https://ift.tt/ptfRuwg\nCVE-2023-49296 | Arduino Create Agent up to 1.3.5 Web Interface /certificate.crt cross site scripting (GHSA-j5hc-wx84-844h)", "creation_timestamp": "2024-01-10T14:07:03.000000Z"}, {"uuid": "60c6477a-07b8-4860-ba9d-01916f44691f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-49290", "type": "published-proof-of-concept", "source": "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf", "content": "", "creation_timestamp": "2023-12-03T07:27:59.000000Z"}, {"uuid": "c8e91b84-6b73-4661-aaef-ee7017bac106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49298", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2338", "content": "#exploit\n1. CVE-2023-51385:\nSSH ProxyCommand == unexpected code execution\nhttps://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html\n2. CVE-2023-49298:\nOpenZFS security bypass\nhttps://github.com/openzfs/zfs/pull/15571", "creation_timestamp": "2024-08-16T08:57:37.000000Z"}, {"uuid": "f465f7a0-f898-4c20-b2c6-d64e00e95cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-49293", "type": "published-proof-of-concept", "source": "https://github.com/vitejs/vite/security/advisories/GHSA-92r3-m2mg-pj97", "content": "", "creation_timestamp": "2023-12-04T22:07:59.000000Z"}, {"uuid": "7c3091b3-0a9b-4a07-a575-ae4a030d1332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-49297", "type": "published-proof-of-concept", "source": "https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5", "content": "", "creation_timestamp": "2023-12-05T13:13:17.000000Z"}]}