The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of ArcGIS for Desktop

Android: privilege escalation via Serialization
A local attacker, or a malicious application, can thus use the Serialization on Android OS, in order to escalate his privileges...
CVE-2015-2000, CVE-2015-2001, CVE-2015-2002, CVE-2015-2003, CVE-2015-2004, CVE-2015-2020, CVE-2015-3825-REJECT, CVE-2015-3837, VIGILANCE-VUL-17645
ArcGIS for Desktop, Server: multiple Cross Site Scripting
An attacker can trigger some Cross Site Scripting of ArcGIS for Desktop, Server, in order to execute JavaScript code in the context of the web site...
VIGILANCE-VUL-17236
OpenSSL: information disclosure via Heartbeat
An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory...
1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951
ArcGIS for Server: multiple vulnerabilities
An attacker can use several vulnerabilities of ArcGIS for Server...
41468, 41497, 41498, BID-62691, BID-62889, CVE-2013-5221, CVE-2013-5222, CVE-2013-7231, CVE-2013-7232, NIM092795, NIM092820, NIM093227, NIM094447, VIGILANCE-VUL-13359
ESRI ArcGIS for Desktop: SQL injection
An attacker can use a SQL injection in ESRI ArcGIS for Desktop, in order to read or alter data...
VIGILANCE-VUL-13053
ArcGIS Server: SQL injection
An attacker can use a SQL injection in ArcGIS Server, in order to read or alter data...
NIM084249, VIGILANCE-VUL-12830
ArcGIS: information leak about database tables
An attacker who causes a server side error, can get information about the database schema...
NIM085361, VIGILANCE-VUL-12168
ArcGIS Web Server: SQL injection
An attacker can use the REST interface of the ArcGIS web server, to inject SQL commands, in order to read or alter data...
BID-56474, CVE-2012-4949, NIM084249, VIGILANCE-VUL-12128, VU#795644
ESRI ArcGIS: macro execution via MXD
An attacker can invite the victim to open a malicious MXD file with ArcGIS, in order to execute a Visual Basic macro on his computer...
40384, BID-53988, CVE-2012-1661, VIGILANCE-VUL-11708
ArcGIS: code execution via TeeChart Professional
An attacker can create a web page calling the TeeChart Professional ActiveX, which is installed by ArcGIS products, in order to execute code on computers of victims loading this page with Internet Explorer...
BID-49125, NIM074916, SS-2011-007, VIGILANCE-VUL-11517
Our database contains other pages. You can request a free trial to read them.

Display information about ArcGIS for Desktop: