Filtered by vendor Esri
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29114 | 1 Esri | 1 Arcgis Server | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. | |||||
| CVE-2021-29102 | 1 Esri | 1 Arcgis Server | 2022-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2020-12-30 | 9.3 HIGH | 9.8 CRITICAL |
| Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. | |||||
| CVE-2015-2002 | 1 Esri | 1 Arcgisruntime Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||