26 matches found
CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...
CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
GHSA-JQFF-8G2V-642H NASA AIT-Core vulnerable to remote code execution
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
GHSA-QV6X-53JJ-VW59 NASA AIT-Core uses unencrypted channels to exchange data over the network
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack...
CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
GHSA-GPGJ-XRGW-8MX2 NASA AIT-Core vulnerable to SQL Injection
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...
CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...
CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...
CVE-2024-35058
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...
CVE-2024-35059
CVE-2024-35059 affects NASA AIT-Core v2.5.2 and its Pickle-based processing. Red Hat entries describe an unencrypted network channel enabling a man-in-the-middle, which when chained with CVE-2024-35059 results in unauthenticated, fully remote code execution. The core issue is the use of Pickle wi...
CVE-2024-35057
An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet...
CVE-2024-35058
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...
CVE-2024-35056
CVE-2024-35056 affects NASA AIT-Core v2.5.2 with multiple SQL injection vulnerabilities in the query_packets and insert functions. The issue is documented across multiple sources (Red Hat, GHSA, OSV, NVD/CVE, and PT-Security) with a high-severity CVSS v3.1 base score of 9.8 (Critical) and network...
CVE-2024-35057
NASA AIT-Core v2.5.2 is affected by CVE-2024-35057, with the issue allowing arbitrary code execution via a crafted packet. The advisory sources from NVD/Red Hat/GHSA/osv indicate the vulnerability resides in the NASA AIT-Core component and implies a high-impact scenario (base CVSS v3.1: 7.5, high...
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...