Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arcgis vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-29097
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allow an unauthenticated malicious user to achieve arbitrary code execution in...
Esri Arcgis
Esri Arcgis Pro
Esri Arcreader
Esri Arcmap
7.8
CVSSv3
CVE-2021-29098
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allow an unauthenticated malicious user to achieve arbitrary code execut...
Esri Arcgis
Esri Arcgis Pro
Esri Arcreader
Esri Arcmap
6.1
CVSSv3
CVE-2023-25829
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated malicious user to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Esri Portal For Arcgis 10.9.1
Esri Portal For Arcgis 11.0
7.8
CVSSv3
CVE-2021-29096
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allows an unauthenticated malicious user to achieve arbitrary code execution in the cont...
Esri Arcgis Pro
Esri Arcreader
Esri Arcgis Engine
Esri Arcmap
6.1
CVSSv3
CVE-2022-38204
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
6.1
CVSSv3
CVE-2022-38207
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated malicious user to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
NA
CVE-2007-4278
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, whic...
Esri Arcgis
NA
CVE-2007-1770
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS prior to 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote malicious users to cause a denial of service (giomgr crash) and execute arbitrary cod...
Esri Arcgis
1 EDB exploit
NA
CVE-2013-5222
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis 10.1
5.3
CVSSv3
CVE-2021-29099
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and previous versions. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (f...
Esri Arcgis Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »