Arcgis Pro
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:arcgis_pro:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Arcgis Pro (f1373a24-3fc4-5dc2-982f-2816afde6c78) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1446 |
vulnerable | 2026-06-03 15:14:44.407959 |
XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier
MEDIUM (5)
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A local attacker can supply malicious strings that may be rendered and executed when a specific dialog within ArcGIS Pro is opened. This issue is fixed in ArcGIS Pro version 3.6.1.
Published: 2026-01-26T17:24:12.411Z
Updated: 2026-02-06T06:04:15.645Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1067 |
vulnerable | 2026-06-03 14:58:57.669056 |
There is a code injection vulnerability in ArcGIS Pro
HIGH (7.3)
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro, the file could execute and run malicious commands under the context of the victim. This issue is addressed in ArcGIS Pro 3.3.3 and 3.4.1.
Published: 2025-02-25T16:26:03.580Z
Updated: 2025-02-26T00:03:50.613Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-29098 |
vulnerable | 2026-06-03 14:44:19.642130 |
ArcGIS general raster security update: uninitialized pointer
HIGH (7.8)
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
Published: 2021-03-25T20:37:05.516Z
Updated: 2025-04-10T15:22:04.460Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-29097 |
vulnerable | 2026-06-03 14:44:19.641356 |
ArcGIS general raster security update: buffer overflow
HIGH (7.8)
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
Published: 2021-03-25T20:36:03.915Z
Updated: 2024-09-17T03:17:27.744Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-29096 |
vulnerable | 2026-06-03 14:44:19.639845 |
ArcGIS general raster security update: use-after-free
HIGH (7.8)
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
Published: 2021-03-25T18:37:37.051Z
Updated: 2024-09-17T03:42:41.962Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.