Export limit exceeded: 363331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363331 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4705 | 1 3s-software | 1 Codesys Gateway-server | 2025-04-11 | N/A |
| Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | ||||
| CVE-2012-4706 | 1 3s-software | 1 Codesys Gateway-server | 2025-04-11 | N/A |
| Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow. | ||||
| CVE-2012-4707 | 1 3s-software | 1 Codesys Gateway-server | 2025-04-11 | N/A |
| 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access. | ||||
| CVE-2012-4708 | 1 3s-software | 1 Codesys Gateway-server | 2025-04-11 | N/A |
| Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2012-4709 | 1 Invensys | 1 Wonderware Intouch | 2025-04-11 | N/A |
| Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2012-4710 | 1 Invensys | 1 Wonderware Win-xml Exporter | 2025-04-11 | N/A |
| Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference. | ||||
| CVE-2012-4711 | 1 Wellintech | 1 Kingview | 2025-04-11 | N/A |
| Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet. | ||||
| CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2025-04-11 | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | ||||
| CVE-2012-4713 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2025-04-11 | N/A |
| Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value. | ||||
| CVE-2012-4714 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2025-04-11 | N/A |
| Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value. | ||||
| CVE-2012-4715 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2025-04-11 | N/A |
| Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a UDP packet with a certain integer length value that is (1) too large or (2) too small, leading to improper handling by Logger.dll. | ||||
| CVE-2012-4729 | 1 Wftpserver | 1 Wing Ftp Server | 2025-04-11 | N/A |
| Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands. | ||||
| CVE-2012-4730 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | ||||
| CVE-2012-4731 | 1 Bestpractical | 1 Rtfm | 2025-04-11 | N/A |
| FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. | ||||
| CVE-2012-4732 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. | ||||
| CVE-2012-4733 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | ||||
| CVE-2012-4734 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link. | ||||
| CVE-2012-4864 | 1 Oreans | 1 Winlicense | 2025-04-11 | N/A |
| Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file. | ||||
| CVE-2012-4736 | 1 Sophos | 1 Safeguard Enterprise | 2025-04-11 | N/A |
| The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations. | ||||
| CVE-2012-4737 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-11 | N/A |
| channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. | ||||