NotCVE - vendor:"Esri" product:"Arcgis Server" version:" <= 10.9.1"

Page 5 of 27 results (0.011 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-29095 – ArcGIS Server image service and raster analytics security update: uninitialized pointer

https://notcve.org/view.php?id=CVE-2021-29095

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. Múltiples vulnerabilidades de puntero no inicializado cuando se analiza un archivo especialmente diseñado en Esri ArcGIS Server versiones 10.8.1 (y anteriores), permiten a un atacante autenticado con permisos especializados lograr una ejecución de código arbitrario en el contexto de la cuenta de servicio • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image • CWE-824: Access of Uninitialized Pointer •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-29094 – ArcGIS Server image service and raster analytics security update: buffer overflow

https://notcve.org/view.php?id=CVE-2021-29094

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. Múltiples vulnerabilidades de desbordamiento de búfer cuando se analiza un archivo especialmente diseñado en Esri ArcGIS Server versiones 10.8.1 (y anteriores), permiten a un atacante autenticado con permisos especializados lograr una ejecución de código arbitrario en el contexto de la cuenta de servicio • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-29093 – ArcGIS Server image service and raster analytics security update: use-after-free

https://notcve.org/view.php?id=CVE-2021-29093

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. Una vulnerabilidad de uso de la memoria previamente liberada cuando se analiza un archivo especialmente diseñado en Esri ArcGIS Server versiones 10.8.1 (y anteriores), permite a un atacante autenticado con permisos especializados lograr una ejecución de código arbitrario en el contexto de la cuenta de servicio • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-35712

https://notcve.org/view.php?id=CVE-2020-35712

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. Esri ArcGIS Server versiones anteriores a 10.8, es susceptible a una vulnerabilidad de tipo SSRF en algunas configuraciones • https://support.esri.com/en/bugs/nimbus/QlVHLTAwMDEyODA2MA== https://support.esri.com/en/technical-article/000022931 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-9741

https://notcve.org/view.php?id=CVE-2014-9741

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en ESRI ArcGIS Desktop, ArcGIS Engine, y ArcGIS Server 10.2.2 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2 http://support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223 http://www.securitytracker.com/id/1032733 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...3 4 5 6