arcgis vulnerabilities and exploits
935
VMScore
CVE-2012-1661
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and previous versions do not properly prompt users before executing embedded VBA macros, which allows user-assisted remote malicious users to execute arbitrary VBA code via a crafted map (.mxd) file.
Esri Arcgis
Esri Arcgis 9.0
Esri Arcmap 9.0
1 EDB exploit
383
VMScore
CVE-2021-29116
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) may allow a remote, unauthenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potential...
Esri Arcgis Server 10.9.0
Esri Arcgis Server 10.8.1
NA
CVE-2022-38200
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.7.1
NA
CVE-2022-38204
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
NA
CVE-2022-38207
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis 10.8.1
Esri Portal For Arcgis 10.7.1
NA
CVE-2023-25829
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated malicious user to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Esri Portal For Arcgis 10.9.1
Esri Portal For Arcgis 11.0
668
VMScore
CVE-2007-4278
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, whic...
Esri Arcgis
1000
VMScore
CVE-2007-1770
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS prior to 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote malicious users to cause a denial of service (giomgr crash) and execute arbitrary cod...
Esri Arcgis
1 EDB exploit
312
VMScore
CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise prior to 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
Esri Arcgis Enterprise
534
VMScore
CVE-2021-29095
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allow an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server