Vulnerabilities > NI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-21 | CVE-2022-27237 | Cross-site Scripting vulnerability in NI products There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. | 6.1 |
| 2021-11-12 | CVE-2021-42563 | Unquoted Search Path or Element vulnerability in NI Service Locator There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. | 7.8 |
| 2021-09-17 | CVE-2021-38304 | Improper Input Validation vulnerability in NI Ni-Pal 20.0.0 Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
| 2020-12-11 | CVE-2020-25191 | Incorrect Permission Assignment for Critical Resource vulnerability in NI Compactrio Firmware Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | 7.5 |
| 2017-09-05 | CVE-2017-2779 | Out-of-bounds Write vulnerability in NI Labview An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. | 7.8 |
| 2017-03-31 | CVE-2017-2775 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NI Labview 16.0.0.49152 An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. | 7.8 |