CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1067 – There is a code injection vulnerability in ArcGIS Pro
https://notcve.org/view.php?id=CVE-2025-1067
25 Feb 2025 — There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro, the file could execute and run malicious commands under the context of the victim. This issue is addressed in ArcGIS Pro 3.3.3 and 3.4.1. There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that ... • https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-pro-and-arcgis-allsource-patches-address-high-severity-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29098 – ArcGIS general raster security update: uninitialized pointer
https://notcve.org/view.php?id=CVE-2021-29098
25 Mar 2021 — Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Múltiples vulnerabilidades de puntero no inicializado cuando se analiza un archivo especialmente diseñado en Esri ArcReader, ArcGIS Desktop, ArcGIS Engine versiones 10.8.1 (y anteriores) y ArcGIS Pro versiones 2.7 (y a... • https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29097 – ArcGIS general raster security update: buffer overflow
https://notcve.org/view.php?id=CVE-2021-29097
25 Mar 2021 — Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Múltiples vulnerabilidades de desbordamiento de búfer cuando se analiza un archivo especialmente diseñado en Esri ArcReader, ArcGIS Desktop, ArcGIS Engine versiones 10.8.1 (y anteriores) y ArcGIS Pro versiones 2.7 (y anterio... • https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29096 – ArcGIS general raster security update: use-after-free
https://notcve.org/view.php?id=CVE-2021-29096
25 Mar 2021 — A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Una vulnerabilidad de uso de la memoria previamente liberada cuando se analiza un archivo especialmente diseñado en Esri ArcReader, ArcGIS Desktop, ArcGIS Engine versiones 10.8.1 (y anteriores) y ArcGIS Pro versiones 2.7 (y anteriore... • https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster • CWE-416: Use After Free •