56 matches found
CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...
CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
CVE-2024-35057
An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet...
Remote Code Execution (RCE)
ait-core is vulnerable to Remote Code Execution RCE. The vulnerability is caused due to loading untrusted pickle files, allowing attackers to execute arbitrary code...
GHSA-JQFF-8G2V-642H NASA AIT-Core vulnerable to remote code execution
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
NASA AIT-Core vulnerable to remote code execution
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
ait-dsn (=2.0.0), ait-gui (>=2.0.0 <=2.4.1) potentially affected by CVE-2024-35061 via ait-core (>=2.3.5 <=2.5.2)
ait-core PYPI version =2.3.5, =2.0.0, =2.4.1 Source cves: CVE-2024-35061 Source advisory: OSV:GHSA-QV6X-53JJ-VW59...
ait-dsn (=2.0.0), ait-gui (>=2.0.0 <=2.4.1) potentially affected by CVE-2024-35059 +1 more via ait-core (>=2.3.5 <=2.5.2)
ait-core PYPI version =2.3.5, =2.0.0, =2.4.1 Source cves: CVE-2024-35059, CVE-2024-35061 Source advisory: OSV:GHSA-JQFF-8G2V-642H...
NASA AIT-Core uses unencrypted channels to exchange data over the network
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack...
GHSA-QV6X-53JJ-VW59 NASA AIT-Core uses unencrypted channels to exchange data over the network
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack...
CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
NASA AIT-Core vulnerable to remote code execution
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...
NASA AIT-Core vulnerable to remote code execution
An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet...