Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:esri:arcgis:10.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-29098 |
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Published: March 25, 2021; 5:15:13 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-29097 |
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Published: March 25, 2021; 5:15:13 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2013-7232 |
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. Published: December 29, 2013; 11:53:07 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-7231 |
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. Published: December 29, 2013; 11:53:07 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-5222 |
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: December 29, 2013; 11:53:07 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-5221 |
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. Published: September 24, 2013; 6:35:52 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-4949 |
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. Published: November 14, 2012; 7:30:59 AM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2007-4278 |
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call. Published: August 15, 2007; 6:17:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |