CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6122 – Incorrect Default Directory Permissions for NI SystemLink Redis Service
https://notcve.org/view.php?id=CVE-2024-6122
22 Jul 2024 — An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. Un permiso incorrecto en el directorio de instalación para el servicio compartido NI SystemLink Server KeyValueDatabase puede resultar en la divulgación de información a través del acces... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4044 – Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio
https://notcve.org/view.php?id=CVE-2024-4044
10 May 2024 — A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions. Existe una vulnerabilidad de deserialización de datos no confiables en el código común utilizado por FlexLogger e InstrumentStudio... • https://ni.com/r/CVE-2024-4044 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23612 – Improper Error Handling Issue in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23612
11 Mar 2024 — An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una vulnerabilidad de manejo incorrecto de errores en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html • CWE-755: Improper Handling of Exceptional Conditions CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23609 – Improper Error Handling Issue in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23609
11 Mar 2024 — An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una vulnerabilidad de manejo incorrecto de errores en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html • CWE-755: Improper Handling of Exceptional Conditions CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23611 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23611
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una escritura fuera de los límites debido a una verificación de los límites faltantes en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23610 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23610
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una escritura fuera de los límites debido a una verificación de los límites faltantes en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23608 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23608
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una escritura fuera de los límites debido a una verificación de los límites faltantes en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1156 – NI FlexLogger RabbitMQ Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-1156
20 Feb 2024 — Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. Los permisos de directorio incorrectos para el servicio NI RabbitMQ compartido pueden permitir que un usuario autenticado local lea la información de configuración de RabbitMQ y potencialmente habilitar la escalada de privilegios. This vulnerability allows local attackers to escalate privileges on affected installa... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 64EXPL: 0CVE-2023-5136 – Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
https://notcve.org/view.php?id=CVE-2023-5136
08 Nov 2023 — An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. Una asignación de permiso incorrecta en TopoGrafix DataPlugin para GPX podría resultar en la divulgación de información. Un atacante podría aprovechar esta vulnerabilidad haciendo que un usuario abra un archivo de datos especialmente manipulado. This vulnerability allows remote attackers to disclo... • https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html • CWE-611: Improper Restriction of XML External Entity Reference CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32299 – WordPress Ni WooCommerce Sales Report plugin <= 3.7.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32299
25 Oct 2023 — Missing Authorization vulnerability in anzia Ni WooCommerce Sales Report allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Sales Report: from n/a through 3.7.3. The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level access and ab... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-sales-report/vulnerability/wordpress-ni-woocommerce-sales-report-plugin-3-7-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •