
CVE-2024-23610 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23610
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write

CVE-2024-23608 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23608
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write

CVE-2024-1156 – NI FlexLogger RabbitMQ Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-1156
20 Feb 2024 — Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. This vulnerability allows local attackers to escalate privileges on affected installa... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions

CVE-2023-5136 – Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
https://notcve.org/view.php?id=CVE-2023-5136
08 Nov 2023 — An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. This vulnerability allows remote attackers to disclo... • https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html • CWE-611: Improper Restriction of XML External Entity Reference • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2023-32299 – WordPress Ni WooCommerce Sales Report plugin <= 3.7.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32299
25 Oct 2023 — Missing Authorization vulnerability in anzia Ni WooCommerce Sales Report allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Sales Report: from n/a through 3.7.3. The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level access and ab... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-sales-report/vulnerability/wordpress-ni-woocommerce-sales-report-plugin-3-7-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2023-4601 – Stack-based Buffer Overflow in NI System Configuration Software
https://notcve.org/view.php?id=CVE-2023-4601
18 Oct 2023 — A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions. • https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2023-4570 – Improper Restriction in NI MeasurementLink Python Services
https://notcve.org/view.php?id=CVE-2023-4570
05 Oct 2023 — An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. • https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html • CWE-420: Unprotected Alternate Channel

CVE-2022-42718
https://notcve.org/view.php?id=CVE-2022-42718
01 Dec 2022 — Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. • https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html • CWE-276: Incorrect Default Permissions

CVE-2022-35415
https://notcve.org/view.php?id=CVE-2022-35415
16 Sep 2022 — An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. • https://ni.com • CWE-20: Improper Input Validation

CVE-2022-27237
https://notcve.org/view.php?id=CVE-2022-27237
21 Apr 2022 — There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later. • https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')