CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2023-32299 – Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order
https://notcve.org/view.php?id=CVE-2023-32299
The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view sales and order reports. • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4601 – Stack-based Buffer Overflow in NI System Configuration Software
https://notcve.org/view.php?id=CVE-2023-4601
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions. Existe una vulnerabilidad de desbordamiento del búfer basada en pila en NI System Configuration que podría resultar en la divulgación de información y/o la ejecución de código arbitrario. La explotación exitosa requiere que un atacante pueda proporcionar una respuesta especialmente manipulada. • https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4570 – Improper Restriction in NI MeasurementLink Python Services
https://notcve.org/view.php?id=CVE-2023-4570
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. Una restricción de acceso inadecuada en los servicios de NI MeasurementLink Python podría permitir que un atacante en una red adyacente acceda a servicios expuestos en localhost. Anteriormente se pensaba que estos servicios eran inalcanzables fuera del nodo. • https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html • CWE-420: Unprotected Alternate Channel •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42718
https://notcve.org/view.php?id=CVE-2022-42718
Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. Los permisos predeterminados incorrectos en la carpeta de instalación para NI LabVIEW Command Line Interface (CLI) pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35415
https://notcve.org/view.php?id=CVE-2022-35415
An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. Una comprobación de entrada inapropiada en NI System Configuration Manager versiones anteriores a 22.5, puede permitir a un usuario privilegiado habilitar potencialmente una escalada de privilegios por medio de acceso local • https://ni.com https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-configuration-manager-.html • CWE-20: Improper Input Validation •