Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-25831
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s brows...
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
Esri Portal For Arcgis 10.9.1
6.1
CVSSv3
CVE-2022-38200
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.7.1
6.1
CVSSv3
CVE-2021-29116
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potential...
Esri Arcgis Server 10.9.0
Esri Arcgis Server 10.8.1
6.1
CVSSv3
CVE-2023-25829
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated malicious user to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Esri Portal For Arcgis 10.9.1
Esri Portal For Arcgis 11.0
6.1
CVSSv3
CVE-2022-38204
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
6.1
CVSSv3
CVE-2022-38207
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated malicious user to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
NA
CVE-2007-4278
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, whic...
Esri Arcgis
NA
CVE-2007-1770
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS prior to 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote malicious users to cause a denial of service (giomgr crash) and execute arbitrary cod...
Esri Arcgis
1 EDB exploit
NA
CVE-2005-1394
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.
Esri Arcgis 9.0
Esri Arcinfo Workstation 9.0
1 EDB exploit
NA
CVE-2012-4949
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
Esri Arcgis 10.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »