Filtered by vendor Esri
Subscriptions
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38201 | 1 Esri | 1 Arcgis Quickcapture | 2024-11-21 | 6.1 Medium |
| An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain. | ||||
| CVE-2022-38200 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 6.1 Medium |
| A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser. | ||||
| CVE-2022-38199 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 6.1 Medium |
| A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. | ||||
| CVE-2022-38198 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 6.1 Medium |
| There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
| CVE-2022-38197 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 6.1 Medium |
| Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | ||||
| CVE-2022-38196 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 6.5 Medium |
| Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | ||||
| CVE-2022-38195 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 6.1 Medium |
| There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
| CVE-2022-38194 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.7 Medium |
| In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file. | ||||
| CVE-2022-38193 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.1 Medium |
| There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | ||||
| CVE-2022-38192 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.1 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
| CVE-2022-38191 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.1 Medium |
| There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application. | ||||
| CVE-2022-38190 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.1 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser | ||||
| CVE-2022-38189 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 5.4 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
| CVE-2022-38188 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.1 Medium |
| There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
| CVE-2022-38187 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 7.5 High |
| Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
| CVE-2022-38186 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 6.1 Medium |
| There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
| CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | 7.5 High |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
| CVE-2021-3012 | 1 Esri | 1 Arcgis Enterprise | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). | ||||
| CVE-2021-29118 | 1 Esri | 1 Arcreader | 2024-11-21 | 5.5 Medium |
| An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user. | ||||
| CVE-2021-29117 | 1 Esri | 1 Arcreader | 2024-11-21 | 7.8 High |
| A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | ||||