Lucene search
K

12 matches found

Snyk
Snyk
added 2023/12/12 8:52 p.m.1 views

Exposure of Sensitive Information

Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information via a brute force attack. An attacker can collect valid usernames by repeatedly attempting to authenticate with different usernames. Remediation Upgrade Umbraco.Cms to version 10.8.1, 12.3.4 or higher...

5.3CVSS6.9AI score0.005EPSS
Exploits0References2
OSV
OSV
added 2022/12/29 8:15 p.m.4 views

CVE-2022-38207

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser...

6.1CVSS6AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2022/12/29 8:15 p.m.5 views

CVE-2022-38203

Protections against potential Server-Side Request Forgery SSRF vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeratio...

7.5CVSS5.9AI score0.0074EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.5 views

Esri Portal For ArcGis 安全漏洞

Esri Portal For ArcGis is a component from Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Portal for ArcGIS version 10.8.1 and earlier, which stems from the presence of an...

7.5CVSS7.5AI score0.00851EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.4 views

Esri Portal For ArcGis 跨站脚本漏洞

Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal For ArcGis versions 10.8.1 and earlier, which stems from the presence of a...

7.1CVSS7AI score0.00491EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/01/31 12:0 a.m.7 views

PT-2022-9908 · Esri · Esri Arcreader

Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier Description: An out-of-bounds read issue exists when parsing a specially crafted file, allowing an unauthenticated attacker to induce an information disclosure issue in the context of the current use...

5.5CVSS3.8AI score0.00331EPSS
Exploits0References4
OSV
OSV
added 2022/01/30 2:15 a.m.9 views

CVE-2022-22919

Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs...

6.1CVSS5.8AI score0.00621EPSS
Exploits1References1
NCSC
NCSC
added 2021/07/12 12:0 a.m.6 views

Vulnerabilities fixed in Esri ArcGIS Server

Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform of a Same-Site Request Forgery SSRF or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...

7.3AI score
Exploits0
OSV
OSV
added 2021/07/11 2:15 a.m.5 views

CVE-2021-29103

A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1CVSS6.6AI score0.00744EPSS
Exploits0References1
OSV
OSV
added 2021/05/05 7:15 p.m.2 views

CVE-2021-29101

ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system...

7.5CVSS5.9AI score0.0229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/04/20 12:0 a.m.3 views

PT-2021-16751

Name of the Vulnerable Software and Affected Versions AdTran Personal Phone Manager version 10.8.1 Description The issue allows for exfiltration of data over DNS, potentially enabling exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS...

7.5CVSS7AI score0.13418EPSS
Exploits5References8
OSV
OSV
added 2019/01/09 11:29 p.m.3 views

CVE-2018-0704

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen...

7.5CVSS5.9AI score0.01947EPSS
Exploits0References2
Rows per page
Query Builder