Show filters
109 Total Results
Displaying 91-100 of 109
Sort by:
Attacker Value
Unknown

CVE-2021-29096

Disclosure Date: March 16, 2021 (last updated February 22, 2025)
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-29098

Disclosure Date: March 16, 2021 (last updated February 22, 2025)
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-35712

Disclosure Date: December 26, 2020 (last updated February 22, 2025)
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-16193

Disclosure Date: September 11, 2019 (last updated November 27, 2024)
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2015-2002

Disclosure Date: March 29, 2018 (last updated November 26, 2024)
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
0
0
Attacker Value
Unknown

CVE-2014-9741

Disclosure Date: July 08, 2015 (last updated May 22, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2014-5122

Disclosure Date: August 22, 2014 (last updated May 22, 2024)
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
0
0
Attacker Value
Unknown

CVE-2014-5121

Disclosure Date: August 22, 2014 (last updated May 22, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
0
0
Attacker Value
Unknown

CVE-2013-5222

Disclosure Date: December 30, 2013 (last updated July 12, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-7232

Disclosure Date: December 30, 2013 (last updated July 12, 2024)
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
0
0
View More Topics  < Previous  Next >