Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ni system configuration vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2024-1156
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
NA
CVE-2023-4601
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configurat...
Ni System ConfigurationNi System Configuration 2023
NA
CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of ...
Openssl OpensslStormshield Stormshield Network SecurityStormshield Endpoint SecurityStormshield Sslvpn
NA
CVE-2022-35415
An improper input validation in NI System Configuration Manager prior to 22.5 may allow a privileged user to potentially enable escalation of privilege via local access.
Ni Configuration Manager
5
CVSSv2
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of...
Openssl OpensslFedoraproject Fedora 35Fedoraproject Fedora 36Netapp Clustered Data Ontap Antivirus Connector -Netapp Active Iq Unified Manager -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H410s Firmware -Netapp H410c Firmware -Siemens Sinec Ins 1.0Siemens Sinec InsDebian Debian Linux 10.0Debian Debian Linux 11.0
10
CVSSv2
CVE-2022-1292
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the ...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Oncommand Insight -Netapp Clustered Data Ontap -Netapp Smi-s Provider -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire \\& Hci Management Node -Netapp Active Iq Unified Manager -Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -Netapp Snapmanager -Netapp A700s Firmware -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H300e Firmware -Netapp H500e Firmware -Netapp H700e Firmware -
5
CVSSv2
CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Storagegrid -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Cloud Volumes Ontap Mediator -Netapp A250 Firmware -Netapp 500f Firmware -Fedoraproject Fedora 34Fedoraproject Fedora 36Tenable NessusMariadb MariadbNodejs Node.js
5.8
CVSSv2
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire -Netapp Hci Management Node -Netapp Manageability Software Development Kit -Netapp Storage Encryption -Netapp E-series Santricity Os ControllerMcafee Epolicy Orchestrator 5.10.0Mcafee Epolicy OrchestratorTenable Tenable.scTenable Nessus Network MonitorOracle Peoplesoft Enterprise Peopletools 8.57Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Zfs Storage Appliance Kit 8.8Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Mysql ServerOracle Mysql Workbench
4.3
CVSSv2
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Freebsd Freebsd 12.2Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Storagegrid -Netapp Oncommand Insight -Netapp Ontap Select Deploy Administration Utility -Netapp Active Iq Unified Manager -Netapp Cloud Volumes Ontap Mediator -Netapp E-series Performance Analyzer -Tenable Tenable.scTenable NessusTenable Nessus Network Monitor 5.11.1Tenable Nessus Network Monitor 5.12.0Tenable Nessus Network Monitor 5.12.1Tenable Nessus Network Monitor 5.13.0Tenable Nessus Network Monitor 5.11.0Tenable Log Correlation EngineFedoraproject Fedora 34
5
CVSSv2
CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be...
Openssl OpensslDebian Debian Linux 10.0Tenable Nessus Network Monitor 5.11.1Tenable Nessus Network Monitor 5.12.0Tenable Nessus Network Monitor 5.12.1Tenable Nessus Network Monitor 5.13.0Tenable Nessus Network Monitor 5.11.0Tenable Log Correlation EngineOracle Business Intelligence 12.2.1.3.0Oracle Jd Edwards World Security A9.4Oracle Business Intelligence 12.2.1.4.0Oracle Business Intelligence 5.5.0.0.0Oracle Enterprise Manager For Storage Management 13.4.0.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle Graalvm 20.3.1.2Oracle Graalvm 21.0.0.2Oracle Graalvm 19.3.5Oracle Mysql ServerOracle Nosql DatabaseOracle Jd Edwards Enterpriseone ToolsOracle Business Intelligence 5.9.0.0.0Oracle Communications Cloud Native Core Policy 1.15.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook