Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / esri

esri

168 tracked vulnerabilities.

CVE-2021-29118 MEDIUM

Esri ArcReader < 10.8.1 - Unauthenticated Out-of-bounds Read via Crafted File

CVE-2021-29117 HIGH

Esri ArcReader < 10.8.1 - Use-After-Free via Crafted File Parsing

CVE-2021-29112 MEDIUM

Esri ArcReader < 10.8.1 - Unauthenticated Out-of-bounds Read via Crafted File

CVE-2021-29116 MEDIUM

Esri ArcGIS Server 10.8.1 and 10.9 - Unauthenticated Stored Cross-Site Scripting via Feature Service Queries

CVE-2021-29115 MEDIUM

Esri ArcGIS Enterprise < 10.9 - Information Disclosure via ArcGIS Service Directory

CVE-2021-29114 CRITICAL

Esri ArcGIS Server < 10.9.0 - Unauthenticated SQL Injection via Feature Service Queries

CVE-2021-29113 MEDIUM

ArcGIS Server < 10.9.0 - Unauthenticated Remote File Inclusion in Help Documentation

CVE-2021-29110 MEDIUM

Esri Portal for ArcGIS < 10.9 - Unauthenticated Stored Cross-Site Scripting in Home Application

CVE-2021-29109 MEDIUM

Esri Portal for ArcGIS < 10.9 - Reflected Cross-Site Scripting

CVE-2021-29108 HIGH

Esri Portal for ArcGIS < 10.9 - Authenticated Privilege Escalation via SAML Assertion XML Signature Wrapping

CVE-2021-29105 MEDIUM

Esri ArcGIS Server < 10.9.0 - Authenticated Stored Cross-Site Scripting

CVE-2021-29104 MEDIUM

ArcGIS Server < 10.9.0 - Unauthenticated Stored Cross-Site Scripting

CVE-2021-29103 MEDIUM

ArcGIS Server < 10.9.0 - Reflected Cross-Site Scripting

CVE-2021-29102 CRITICAL

ArcGIS Server < 10.9.0 - Unauthenticated Server-Side Request Forgery

CVE-2021-29107 MEDIUM

ArcGIS Server Manager <= 10.8.1 - Unauthenticated Stored Cross-Site Scripting

CVE-2021-29106 MEDIUM

Esri ArcGIS Server < 10.9.0 - Reflected Cross-Site Scripting

CVE-2021-29099 MEDIUM

ArcGIS Server < 10.8.1 - SQL Injection

CVE-2021-29101 HIGH

ArcGIS GeoEvent Server <= 10.8.1 - Unauthenticated Path Traversal

CVE-2021-29100 HIGH

Esri ArcGIS Earth < 1.11.0 - Path Traversal and Arbitrary File Write via Crafted File Upload

CVE-2021-3012 MEDIUM

ESRI ArcGIS Enterprise < 10.9 - Authenticated Stored Cross-Site Scripting via Document Link URL Parameter

CVE-2021-29098 HIGH

Esri ArcGIS Engine/Pro/Map/Reader < 10.8.1/2.7 - RCE via Crafted File

CVE-2021-29097 HIGH

Esri ArcGIS Engine/Pro/Map/Reader < 10.8.1/2.7 - Unauthenticated Buffer Overflow via Crafted File

CVE-2021-29095 MEDIUM

Esri ArcGIS Server < 10.8.1 - Authenticated Arbitrary Code Execution via Crafted File Parsing

CVE-2021-29094 MEDIUM

Esri ArcGIS Server < 10.8.1 - Authenticated Remote Code Execution via Crafted File Parsing

CVE-2021-29093 MEDIUM

Esri ArcGIS Server < 10.8.1 - Authenticated Use-After-Free via Crafted File Parsing

Previous Page 6 of 7 Next

Products

portal_for_arcgis 73 arcgis_server 67 arcgis_pro 6 arcreader 6 arcgis_enterprise 5 arcmap 4 arcgis_engine 3 ArcGIS Server 2 Portal for ArcGIS 2 arcgis_allsource 2 arcgis_insights 2 arcinfo_workstation 2 arcsde 2 ArcGIS Enterprise Builder 1 ArcGIS Monitor 1 ArcGIS Web AppBuilder {Developer Edition) 1 arcgis_earth 1 arcgis_for_desktop 1 arcgis_for_engine 1 arcgis_geoevent_server 1 arcgis_quickcapture 1 arcgisruntime_sdk 1 arcpad 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy