Vulnerabilities > NI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-6122 | Incorrect Default Permissions vulnerability in NI Flexlogger and Systemlink An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. | 5.5 |
| 2023-11-08 | CVE-2023-5136 | Incorrect Permission Assignment for Critical Resource vulnerability in NI products An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. | 5.5 |
| 2022-04-21 | CVE-2022-27237 | Cross-site Scripting vulnerability in NI products There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. | 4.3 |
| 2021-11-12 | CVE-2021-42563 | Unquoted Search Path or Element vulnerability in NI Service Locator There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. | 4.6 |
| 2021-09-17 | CVE-2021-38304 | Improper Input Validation vulnerability in NI Ni-Pal 20.0.0 Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
| 2017-09-05 | CVE-2017-2779 | Out-of-bounds Write vulnerability in NI Labview An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. | 6.8 |
| 2017-03-31 | CVE-2017-2775 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NI Labview 16.0.0.49152 An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. | 6.8 |
| 2013-08-06 | CVE-2013-5025 | Security vulnerability in National Instruments LabWindows/CVI An ActiveX control in exlauncher.dll in the Help subsystem in National Instruments LabWindows/CVI before 2013 allows remote attackers to cause a denial of service by triggering the display of local example files. network ni | 4.3 |
| 2013-08-06 | CVE-2013-5024 | Unspecified vulnerability in NI Measurementstudio 2013 An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls. network ni | 4.3 |
| 2013-08-06 | CVE-2013-5023 | Unspecified vulnerability in NI products The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. network ni | 4.3 |