CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29098 – ArcGIS general raster security update: uninitialized pointer
https://notcve.org/view.php?id=CVE-2021-29098
25 Mar 2021 — Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Múltiples vulnerabilidades de puntero no inicializado cuando se analiza un archivo especialmente diseñado en Esri ArcReader, ArcGIS Desktop, ArcGIS Engine versiones 10.8.1 (y anteriores) y ArcGIS Pro versiones 2.7 (y a... • https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29097 – ArcGIS general raster security update: buffer overflow
https://notcve.org/view.php?id=CVE-2021-29097
25 Mar 2021 — Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Múltiples vulnerabilidades de desbordamiento de búfer cuando se analiza un archivo especialmente diseñado en Esri ArcReader, ArcGIS Desktop, ArcGIS Engine versiones 10.8.1 (y anteriores) y ArcGIS Pro versiones 2.7 (y anterio... • https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7232
https://notcve.org/view.php?id=CVE-2013-7232
30 Dec 2013 — SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. Vulnerabilidad de inyección SQL en ESRI ArcGIS Server a hasta 10.2, permite a atacantes remotos ejecutar comandos SQL a través de la entrada no especificada en el mapa o en servicio características • http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 5CVE-2012-1661 – ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1661
12 Jul 2012 — ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. ESRI ArcMap v9 y ArcGIS v10.0.2.3200 y anteriores no pregunta a los usuarios antes de antes de ejecutar macros VBA incrustados, lo que permite a usuarios remotos con la ayuda de usuarios locales ejecutar código de su elección a través de código VBA a través de fichero de mapas (.MXD) modi... • https://www.exploit-db.com/exploits/19138 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 31%CPEs: 1EXPL: 1CVE-2007-1770 – ESRI ArcSDE 9.0 < 9.2sp1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1770
30 Mar 2007 — Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. Un desbordamiento de búfer en el servicio ArcSDE (giomgr) en Environmental Systems Research Institute (ESRI) ArcGIS versiones anteriores a 9.2 Service Pack 2, cuando se usan tres configuraciones de... • https://www.exploit-db.com/exploits/4146 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2005-1394 – Solaris 10.x - ESRI Arcgis Format String Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-1394
02 May 2005 — Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. • https://www.exploit-db.com/exploits/972 •