Filtered by vendor Esri
Subscribe
Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7231 | 1 Esri | 1 Arcgis Server | 2024-07-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. | |||||
| CVE-2013-5222 | 1 Esri | 1 Arcgis Server | 2024-07-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5221 | 1 Esri | 1 Arcgis Server | 2024-07-11 | 3.5 LOW | N/A |
| The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. | |||||
| CVE-2012-4949 | 1 Esri | 1 Arcgis Server | 2024-07-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | |||||
| CVE-2007-4278 | 1 Esri | 1 Arcsde | 2024-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call. | |||||
| CVE-2007-1770 | 1 Esri | 1 Arcsde | 2024-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. | |||||
| CVE-2005-1394 | 1 Esri | 1 Arcinfo Workstation | 2024-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. | |||||
| CVE-2021-29101 | 1 Esri | 1 Arcgis Geoevent Server | 2024-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system. | |||||
| CVE-2021-29096 | 1 Esri | 4 Arcgis Engine, Arcgis Pro, Arcmap and 1 more | 2024-05-21 | 6.8 MEDIUM | 7.8 HIGH |
| A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | |||||
| CVE-2023-25838 | 1 Esri | 1 Arcgis Insights | 2024-05-21 | N/A | 7.5 HIGH |
| There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | |||||
| CVE-2014-5121 | 1 Esri | 1 Arcgis Server | 2024-05-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2014-9741 | 1 Esri | 3 Arcgis For Desktop, Arcgis For Engine, Arcgis Server | 2024-05-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5122 | 1 Esri | 1 Arcgis Server | 2024-05-21 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. | |||||
| CVE-2023-25839 | 3 Apple, Esri, Microsoft | 3 Macos, Arcgis Insights, Windows | 2024-02-28 | N/A | 7.0 HIGH |
| There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | |||||
| CVE-2023-25830 | 1 Esri | 1 Portal For Arcgis | 2024-02-28 | N/A | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
| CVE-2023-25829 | 1 Esri | 1 Portal For Arcgis | 2024-02-28 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2023-25832 | 1 Esri | 1 Portal For Arcgis | 2024-02-28 | N/A | 8.8 HIGH |
| There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. | |||||
| CVE-2023-25831 | 1 Esri | 1 Portal For Arcgis | 2024-02-28 | N/A | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
| CVE-2023-25834 | 1 Esri | 1 Portal For Arcgis | 2024-02-28 | N/A | 5.4 MEDIUM |
| Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | |||||
| CVE-2023-25833 | 1 Esri | 1 Portal For Arcgis | 2024-02-28 | N/A | 5.4 MEDIUM |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | |||||