CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7485
https://notcve.org/view.php?id=CVE-2020-7485
15 Apr 2020 — **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1 **VERSIÓN NO COMPATIBLE CUANDO SE ASIGNÓ** Una cuenta de soporte heredada en la versión v4.9.0 y anteriores del software TriStation podría causar un acceso inapropiado a la máquina host de TriStation. Esto fue abordado en TriStation versiones v4.... • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7484
https://notcve.org/view.php?id=CVE-2020-7484
15 Apr 2020 — **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. **VERSIÓN NO COMPATIBLE... • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7483
https://notcve.org/view.php?id=CVE-2020-7483
15 Apr 2020 — **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 th... • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 5CVE-2011-5279
https://notcve.org/view.php?id=CVE-2011-5279
23 Apr 2014 — CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. Vulnerabilidad de inyección CRLF en la implementación CGI en Microsoft Internet Information Services (IIS) 4.x y 5.x en Windows NT y Windows 2000 permite a atacantes remotos modificar variables de entorno en mayúsculas a través de una caract... • http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e •
CVSS: 9.8EPSS: 28%CPEs: 2EXPL: 3CVE-2008-5232 – Microsoft Windows Media Services 'nskey.dll' 4.1 - ActiveX Control Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-5232
26 Nov 2008 — Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Desbordamiento de búfer en el método CallHTMLHelp en el control ActiveX Microsoft Windows Med... • https://www.exploit-db.com/exploits/32294 • CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 1%CPEs: 6EXPL: 1CVE-2008-2326 – Apple Bonjour for Windows 1.0.4 - mDNSResponder Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2008-2326
10 Sep 2008 — mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label. mDNSResponder de Bonjour Namespace Provider en Apple Bonjour para Windows versiones anteriores a la 1.0.5, permite a atacantes provocar una denegación de servicio (puntero NULO sin referencia y caída de aplicación) resolviendo un nombre de dominio .local ma... • https://www.exploit-db.com/exploits/32350 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 10%CPEs: 23EXPL: 0CVE-2008-3614
https://notcve.org/view.php?id=CVE-2008-3614
10 Sep 2008 — Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. Desbordamiento de entero en Apple QuickTime anterior 7.5.5 sobre Windows, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada que lanza un corrupción de montículo (heap). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 31EXPL: 0CVE-2008-3624
https://notcve.org/view.php?id=CVE-2008-3624
10 Sep 2008 — Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. Desbordamiento de búfer basado en montículo en Apple Quicktime anterior a 7.7.5 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación)a través de una película QuickTime Virtual Reality (QTVR)con átomos panorama ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 2%CPEs: 37EXPL: 0CVE-2008-3629
https://notcve.org/view.php?id=CVE-2008-3629
10 Sep 2008 — Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. Apple QuickTime anterior a 7.5.5 , permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación), a través de una imagen PICT manipulada que induce una lectura fuera de rango. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2008-3630
https://notcve.org/view.php?id=CVE-2008-3630
10 Sep 2008 — mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. mDNSResponder en Apple Bonjour para Windows anterior a 1.0.5, cuando una aplicación usa la API Bonjour para DNS unicast, no escoge valores aleatorios para las transacciones IDs u origen de puertos en l... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html •