Filtered by vendor Esri
Total: 85 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-38189 | 1 Esri | 1 Portal For Arcgis | 2022-10-28 | 5.4 Medium |
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
CVE-2022-38195 | 1 Esri | 1 Arcgis Server | 2022-10-27 | 6.1 Medium |
There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2022-38198 | 1 Esri | 1 Arcgis Server | 2022-10-26 | 6.1 Medium |
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2012-1661 | 1 Esri | 2 Arcgis, Arcmap | 2022-10-03 | N/A |
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier do not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. | ||||
CVE-2013-7232 | 1 Esri | 1 Arcgis | 2022-10-03 | N/A |
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | ||||
CVE-2013-7231 | 1 Esri | 1 Arcgis | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. | ||||
CVE-2022-38194 | 1 Esri | 1 Portal For Arcgis | 2022-08-17 | 5.5 Medium |
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file. | ||||
CVE-2022-38192 | 1 Esri | 1 Portal For Arcgis | 2022-08-17 | 5.4 Medium |
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
CVE-2022-38187 | 1 Esri | 1 Portal For Arcgis | 2022-08-16 | 7.5 High |
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
CVE-2022-38188 | 1 Esri | 1 Portal For Arcgis | 2022-08-16 | 6.1 Medium |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2022-38190 | 1 Esri | 1 Portal For Arcgis | 2022-08-16 | 6.1 Medium |
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
CVE-2021-29112 | 1 Esri | 1 Arcreader | 2022-08-15 | 5.5 Medium |
An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allows an unauthenticated attacker to induce an information disclosure issue in the context of the current user. | ||||
CVE-2021-29118 | 1 Esri | 1 Arcreader | 2022-08-15 | 5.5 Medium |
An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allows an unauthenticated attacker to induce an information disclosure issue in the context of the current user. | ||||
CVE-2021-3012 | 1 Esri | 1 Arcgis Enterprise | 2021-05-26 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). | ||||
CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2020-12-30 | 9.8 Critical |
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. | ||||
CVE-2019-16193 | 1 Esri | 1 Arcgis Enterprise | 2019-09-12 | 5.4 Medium |
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. | ||||
CVE-2015-2002 | 1 Esri | 1 Arcgisruntime Sdk | 2018-04-23 | N/A |
The ESRI ArcGIS Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | ||||
CVE-2012-4949 | 1 Esri | 1 Arcgis | 2017-08-29 | N/A |
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | ||||
CVE-2007-4278 | 1 Esri | 1 Arcgis | 2017-07-29 | N/A |
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call. | ||||
CVE-2007-1770 | 1 Esri | 1 Arcgis | 2017-07-29 | N/A |
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. | ||||