CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4081 – Memory Corruption Due to Improper Length Check in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-4081
A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions. Un problema de corrupción de memoria debido a una verificación de longitud inadecuada en NI LabVIEW puede revelar información o resultar en la ejecución de código arbitrario. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4080 – Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll
https://notcve.org/view.php?id=CVE-2024-4080
A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Un problema de corrupción de memoria debido a una verificación de longitud incorrecta en LabVIEW tdcore.dll puede revelar información o resultar en la ejecución de código arbitrario. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4079 – Out of Bounds Read Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-4079
An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una lectura fuera de los límites debido a una verificación de límites faltantes en LabVIEW puede revelar información o resultar en la ejecución de código arbitrario. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5602 – Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool
https://notcve.org/view.php?id=CVE-2024-5602
A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.? Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria debido a una verificación de límites faltantes en NI I/O Trace Tool puede resultar en la ejecución de código arbitrario. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6806 – Missing Authorization Checks In NI VeriStand Gateway For Project Resources
https://notcve.org/view.php?id=CVE-2024-6806
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions. A NI VeriStand Gateway le faltan verificaciones de autorización cuando un actor intenta acceder a los recursos del Proyecto. Estas comprobaciones faltantes pueden provocar la ejecución remota de código. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •