15 matches found
EUVD-2021-15739
Malware in sbrugna...
EUVD-2021-15738
Malware in sbrugna...
Vulnerabilities fixed in Esri ArcReader
Esri has fixed multiple vulnerabilities in ArcReader, ArcGIS Desktop, ArcGIS Engine and ArcGIS Pro. A malicious party could vulnerabilities potentially exploit them to execute arbitrary code execute arbitrary code under application privileges. To do so, the malicious party needs to induce an...
CVE-2021-29098
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
CVE-2021-29097
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
CVE-2021-29097
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
CVE-2021-29098
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
CVE-2021-29098 ArcGIS general raster security update: uninitialized pointer
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
CVE-2021-29097
CVE-2021-29097 corresponds to Esri ArcReader/ArcGIS PMF file parsing vulnerabilities that allow remote code execution via buffer overflow in the PMF parsing logic. The connected ZDI advisories describe heap- and stack-based buffer overflow variants (PMF parsing) that enable code execution in the ...
CVE-2021-29097 ArcGIS general raster security update: buffer overflow
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
CVE-2021-29096
The CVE-2021-29096 issue affects Esri ArcReader, ArcGIS Desktop/Engine (10.8.1 and earlier) and ArcGIS Pro (2.7 and earlier). It is a use-after-free in PMF file parsing that allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. In the described...
PT-2021-18084 · Esri · Arcgis Desktop +3
Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier ArcGIS Desktop versions 10.8.1 and earlier ArcGIS Engine versions 10.8.1 and earlier ArcGIS Pro versions 2.7 and earlier Description: A use-after-free vulnerability occurs when parsing a specially...
PT-2021-18086 · Esri · Arcgis Desktop +3
Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier ArcGIS Desktop versions 10.8.1 and earlier ArcGIS Engine versions 10.8.1 and earlier ArcGIS Pro versions 2.7 and earlier Description: The issue arises from multiple uninitialized pointer...
PT-2021-18085 · Esri · Arcgis Desktop +3
Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier ArcGIS Desktop versions 10.8.1 and earlier ArcGIS Engine versions 10.8.1 and earlier ArcGIS Pro versions 2.7 and earlier Description: Multiple buffer overflow vulnerabilities exist when parsing a...
PT-2015-4375 · Esri · Esri Arcgis For Server +2
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Desktop versions 10.2.2 and earlier ESRI ArcGIS for Engine versions 10.2.2 and earlier ESRI ArcGIS for Server versions 10.2.2 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML vi...