Vulmon
arcgis vulnerabilities and exploits
9.8
CVSSv3
CVE-2015-2002
The ESRI ArcGis Runtime SDK prior to 10.2.6-2 for Android might allow malicious users to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
Esri Arcgisruntime Sdk
NA
CVE-2024-25690
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
NA
CVE-2024-25695
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated malicious user to provide input that is not sanitized properly and is rendered in error messages. There are no privileges required to execute this attack...
NA
CVE-2024-25696
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated malicious user to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required...
NA
CVE-2024-25698
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaS...
3.4
CVSSv3
CVE-2023-25840
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated malicious user to create a crafted link which onmouseover won’t execute but could potentially render an image in the victim’s browser. The privileg...
Esri Arcgis Server
NA
CVE-2024-25697
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated malicious user to create a crafted link which when opening an authenticated user’s bio page will render an image in the victim’s browser. The privileges ...
NA
CVE-2024-25692
There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may in some cases allow a remote, unauthenticated malicious user to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiali...
NA
CVE-2024-25708
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 – 10.9.1 that may allow a remote, authenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScrip...
7
CVSSv3
CVE-2023-25839
There is a SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized malicious user to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required t...
Esri Arcgis Insights 2022.1