CVE-2024-6793 – Deserialization of Untrusted Data in NI VeriStand DataLogging Server
https://notcve.org/view.php?id=CVE-2024-6793
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html • CWE-502: Deserialization of Untrusted Data
CVE-2024-6791 – Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files
https://notcve.org/view.php?id=CVE-2024-6791
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-6675 – Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File
https://notcve.org/view.php?id=CVE-2024-6675
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerability-in-ni-veristand-project-file.html • CWE-502: Deserialization of Untrusted Data
CVE-2024-6121 – NI SystemLink Server Ships Out of Date Redis Version
https://notcve.org/view.php?id=CVE-2024-6121
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/ni-systemlink-server-ships-out-of-date-redis-version.html • CWE-1395: Dependency on Vulnerable Third-Party Component
CVE-2024-6885 – MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles <= 1.9.2 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-6885
This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/maxi-blocks/tags/1.9.2/core/class-maxi-image-crop.php#L100 https://plugins.trac.wordpress.org/browser/maxi-blocks/tags/1.9.2/core/class-maxi-image-crop.php#L42 https://plugins.trac.wordpress.org/browser/maxi-blocks/tags/1.9.2/plugin.php#L221 https://www.wordfence.com/threat-intel/vulnerabilities/id/249b08c5-7429-4690-9f08-fc3f049aa62c?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')