CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7485
https://notcve.org/view.php?id=CVE-2020-7485
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1 **VERSIÓN NO COMPATIBLE CUANDO SE ASIGNÓ** Una cuenta de soporte heredada en la versión v4.9.0 y anteriores del software TriStation podría causar un acceso inapropiado a la máquina host de TriStation. Esto fue abordado en TriStation versiones v4.9.1 y v4.10.1 publicadas en May 30, 2013.1 • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 https://www.se.com/ww/en/download/document/SESB-2020-105-01 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7484
https://notcve.org/view.php?id=CVE-2020-7484
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. **VERSIÓN NO COMPATIBLE CUANDO SE ASIGNÓ** Una vulnerabilidad con la antigua funcionalidad "password" podría permitir un ataque de denegación de servicio si el usuario no sigue las directrices documentadas relativas a la conexión de TriStation dedicada y a la protección key-switch. • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 https://www.se.com/ww/en/download/document/SESB-2020-105-01 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7483
https://notcve.org/view.php?id=CVE-2020-7483
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 https://www.se.com/ww/en/download/document/SESB-2020-105-01 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 5CVE-2011-5279
https://notcve.org/view.php?id=CVE-2011-5279
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. Vulnerabilidad de inyección CRLF en la implementación CGI en Microsoft Internet Information Services (IIS) 4.x y 5.x en Windows NT y Windows 2000 permite a atacantes remotos modificar variables de entorno en mayúsculas a través de una caracter \n (newline) en una cabecera HTTP. • http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e http://seclists.org/fulldisclosure/2012/Apr/0 http://seclists.org/fulldisclosure/2012/Apr/13 http://seclists.org/fulldisclosure/2014/Apr/108 http://seclists.org/fulldisclosure/2014/Apr/128 http://seclists.org/fulldisclosure/2014/Apr/247 •
CVSS: 9.3EPSS: 15%CPEs: 2EXPL: 3CVE-2008-5232 – Microsoft Windows Media Services 'nskey.dll' 4.1 - ActiveX Control Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-5232
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Desbordamiento de búfer en el método CallHTMLHelp en el control ActiveX Microsoft Windows Media Services en nskey.dll 4.1.00.3917 en Windows Media Services en Microsoft Windows NT y 2000, y Avaya Media y Message Application servers, permite a atacantes remotos ejecutar código de su elección mediante un argumento largo. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • https://www.exploit-db.com/exploits/32294 http://packetstormsecurity.org/0808-exploits/wms-overflow.txt http://securitytracker.com/id?1020733 http://www.securityfocus.com/bid/30814 http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/44629 • CWE-787: Out-of-bounds Write •