CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24846 – Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24846
22 Nov 2021 — The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber La función get_query() del plugin Ni WooCommerce Custom Order Status de WordPress versiones anteriores a 1.9.7, usada por la acción AJAX niwoocos_ajax, disponible para... • https://wpscan.com/vulnerability/a1e7cd2b-8400-4c5d-8b47-a8ccd1e21675 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42563
https://notcve.org/view.php?id=CVE-2021-42563
12 Nov 2021 — There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. Se presenta una ruta de servicio no citada en el localizador de servicios de NI (nisvcloc.exe) en versiones anteriores a 18.0 en Windows. Esto puede permitir a un usuario local autorizado insertar código arbitrario en la ruta de servicio no citada y escalar privilegios • https://www.ni.com/en-us/support/documentation/supplemental/21/unquoted-service-path-in-ni-service-locator.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38304
https://notcve.org/view.php?id=CVE-2021-38304
17 Sep 2021 — Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. Una comprobación de entrada inapropiada en National Instruments NI-PAL driver en versiones 20.0.0 y anteriores, puede permitir a un usuario privilegiado permita potencialmente una escalada de privilegios por medio de acceso local • https://www.ni.com/en-us/support/documentation/supplemental/21/improper-input-validation-in-ni-pal.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25191
https://notcve.org/view.php?id=CVE-2020-25191
11 Dec 2020 — Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. Unos permisos incorrectos son establecidos por defecto para un punto de entrada de la API de un servicio específico, permitiendo a un usuario no autenticado activar una función que podría reiniciar el CompactRIO remotamente (Driver versiones anteriores a 20.5) • https://us-cert.cisa.gov/ics/advisories/icsa-20-338-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5570
https://notcve.org/view.php?id=CVE-2020-5570
28 Apr 2020 — Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-site scripting en Sales Force Assistant versiones anteriores a 11.2.48, permite a atacantes autenticados remotamente inyectar script web o HTML arbitrario por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN47668991/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2779
https://notcve.org/view.php?id=CVE-2017-2779
05 Sep 2017 — An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. Existe una vulnerabilidad de corrupción de memoria explotable en la funcionalidad de análisis de... • http://www.ni.com/product-documentation/54099/en • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-2775
https://notcve.org/view.php?id=CVE-2017-2775
31 Mar 2017 — An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution. Existe una vulnerabilidad de corrupción de memoria explotable en la funcionalida... • http://www.ni.com/product-documentation/53778/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5025
https://notcve.org/view.php?id=CVE-2013-5025
06 Aug 2013 — An ActiveX control in exlauncher.dll in the Help subsystem in National Instruments LabWindows/CVI before 2013 allows remote attackers to cause a denial of service by triggering the display of local example files. Vulnerabilidad sin especificar en un control ActiveX en el subsistema Help en National Instruments LabWindows/CVI anterior a v2013 tiene un impacto y vectores de ataque desconocidos. • http://digital.ni.com/public.nsf/allkb/493D011EE5C305FD86257BCF006C8540?OpenDocument •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5023
https://notcve.org/view.php?id=CVE-2013-5023
06 Aug 2013 — The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. Vulnerabilidad sin especificar en un control ActiveX en el componente HelpAsst en NI Help Links in National Instruments LabWindows/CVI, LabVIEW, y otros productos, tiene un impacto desconocido y vectores de ataque remotos. • http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5024
https://notcve.org/view.php?id=CVE-2013-5024
06 Aug 2013 — An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls. Vulnerabilidad sin especificar en un control ActiveX en NationalInstruments.Help2.dll en National Instruments NI .NET Class Library Help tiene un impacto y vectores de ataque desconocidos. • http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument •