33 matches found
fprime 输入验证错误漏洞
fprime is an open-source flight software and embedded system framework developed by NASA. Versions of fprime prior to 4.2.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from boundary-checking use of U32 addition, which allowed overflow bypasses, and the...
EUVD-2025-8097
Malicious code in bioql PyPI...
EUVD-2025-8099
Malicious code in bioql PyPI...
EUVD-2025-8096
Malicious code in bioql PyPI...
CVE-2024-55029
NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
CVE-2024-55030
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...
CVE-2024-55028
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file...
PYSEC-2025-116
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...
CVE-2024-55029
NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
CVE-2024-55030
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...
CVE-2024-55028
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file...
PYSEC-2025-116
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...
PYSEC-2025-115
NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
PYSEC-2025-115
NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
PYSEC-2025-114
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file...
fprime-ci (=0.0.1a1), fprime-fpy (>=0.0.1a1 <=0.3.2) +1 more potentially affected by CVE-2024-55029 via fprime-gds (>=4.2.1 <=4.2.2a1)
fprime-gds PYPI version =4.2.1, =0.0.1a1, =0.1.0, =0.1.3 Source cves: CVE-2024-55029 Source advisory: SNYK:PYTHON-FPRIMEGDS-9749311...
fprime-ci (=0.0.1a1), fprime-fpy (>=0.0.1a1 <=0.3.2) +1 more potentially affected by CVE-2024-55030 via fprime-gds (>=4.2.1 <=4.2.2a1)
fprime-gds PYPI version =4.2.1, =0.0.1a1, =0.1.0, =0.1.3 Source cves: CVE-2024-55030 Source advisory: SNYK:PYTHON-FPRIMEGDS-9749309...
Insecure Defaults
Overview fprime-gds is a F Prime Flight Software Ground Data System layer Affected versions of this package are vulnerable to Insecure Defaults by repeated invocation of sendcommand, which can overflow the queue and consume excessive memory. Remediation There is no fixed version for fprime-gds...
fprime-ci (=0.0.1a1), fprime-fpy (>=0.0.1a1 <=0.3.2) +1 more potentially affected by CVE-2024-55028 via fprime-gds (>=4.2.1 <=4.2.2a1)
fprime-gds PYPI version =4.2.1, =0.0.1a1, =0.1.0, =0.1.3 Source cves: CVE-2024-55028 Source advisory: SNYK:PYTHON-FPRIMEGDS-9749306...
CVE-2024-55030
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...