Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2021-29097
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allow an unauthenticated malicious user to achieve arbitrary code execution in...
Esri Arcgis
Esri Arcgis Desktop
Esri Arcgis Pro
Esri Arcreader
605
VMScore
CVE-2021-29098
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allow an unauthenticated malicious user to achieve arbitrary code execut...
Esri Arcgis
Esri Arcgis Desktop
Esri Arcgis Pro
Esri Arcreader
605
VMScore
CVE-2021-29096
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allows an unauthenticated malicious user to achieve arbitrary code execution in the cont...
Esri Arcgis Desktop
Esri Arcgis Pro
Esri Arcreader
Esri Arcgis Engine
NA
CVE-2022-38199
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated malicious user to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers p...
Esri Arcgis Server 10.7.1
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.9.1
383
VMScore
CVE-2014-9741
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis For Desktop
Esri Arcgis For Engine
Esri Arcgis For Server
935
VMScore
CVE-2012-1661
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and previous versions does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote malicious users to execute arbitrary VBA code via a crafted map (.mxd) file.
Esri Arcgis
Esri Arcgis 9.0
Esri Arcmap 9.0
1 EDB exploit
668
VMScore
CVE-2013-7232
SQL injection vulnerability in ESRI ArcGIS for Server up to and including 10.2 allows remote malicious users to execute arbitrary SQL commands via unspecified input to the map or feature service.
Esri Arcgis 10.1
Esri Arcgis
312
VMScore
CVE-2013-5221
The mobile-upload feature in Esri ArcGIS for Server 10.1 up to and including 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
Esri Arcgis 10.2
Esri Arcgis 10.1
312
VMScore
CVE-2013-7231
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
Esri Arcgis 10.1
Esri Arcgis 10.2
NA
CVE-2023-25830
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s brows...
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
Esri Portal For Arcgis 10.9.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »