2 results (0.002 seconds)

CVSS: 5.5EPSS: 0%CPEs: 64EXPL: 0

CVE-2023-5136 – Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX

https://notcve.org/view.php?id=CVE-2023-5136

08 Nov 2023 — An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. Una asignación de permiso incorrecta en TopoGrafix DataPlugin para GPX podría resultar en la divulgación de información. Un atacante podría aprovechar esta vulnerabilidad haciendo que un usuario abra un archivo de datos especialmente manipulado. This vulnerability allows remote attackers to disclo... • https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html • CWE-611: Improper Restriction of XML External Entity Reference CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2022-27237

https://notcve.org/view.php?id=CVE-2022-27237

21 Apr 2022 — There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en un componente de NI Web Server instalado con v... • https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •