{"vulnerability": "CVE-2022-3819", "sightings": [{"uuid": "f1d3f175-f112-4ff4-9ba4-df2273a5b154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38199", "type": "seen", "source": "https://t.me/cibsecurity/52049", "content": "\u203c CVE-2022-38199 \u203c\n\nA remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:40:44.000000Z"}, {"uuid": "1576e3c0-17f4-404c-aedf-b4507806a609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38198", "type": "seen", "source": "https://t.me/cibsecurity/52029", "content": "\u203c CVE-2022-38198 \u203c\n\nThere is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:26:57.000000Z"}, {"uuid": "2a56dacf-1d3d-4717-8867-fd06a8ec6655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38196", "type": "seen", "source": "https://t.me/cibsecurity/52059", "content": "\u203c CVE-2022-38196 \u203c\n\nEsri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a 
denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:47:01.000000Z"}, {"uuid": "34eac405-f506-476f-b6e3-31c01f4e3ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38194", "type": "seen", "source": "https://t.me/cibsecurity/48230", "content": "\u203c CVE-2022-38194 \u203c\n\nIn Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T21:23:19.000000Z"}, {"uuid": "c28c771f-2db6-46fc-96a6-f8e1ee49731d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3819", "type": "seen", "source": "https://t.me/cibsecurity/52801", "content": "\u203c CVE-2022-3819 \u203c\n\nAn improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T02:46:56.000000Z"}, {"uuid": "592bea35-ecac-48df-bdae-550bae60f3ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38193", "type": "seen", "source": "https://t.me/cibsecurity/48229", "content": "\u203c CVE-2022-38193 \u203c\n\nThere is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary 
code execution in a victims browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T21:23:18.000000Z"}, {"uuid": "724f7c13-8e9f-4055-a355-4228369fd5fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38191", "type": "seen", "source": "https://t.me/cibsecurity/48193", "content": "\u203c CVE-2022-38191 \u203c\n\nThere is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T00:38:33.000000Z"}, {"uuid": "6e1c247c-43d9-4a49-afed-f640eaca71a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38190", "type": "seen", "source": "https://t.me/cibsecurity/48188", "content": "\u203c CVE-2022-38190 \u203c\n\nA stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user\u2019s browser\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T00:38:25.000000Z"}]}