Lucene search

K

Nasa Security Vulnerabilities

cve
cve

CVE-2023-45885

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout...

5.4CVSS

5.3AI Score

0.0004EPSS

2023-11-09 05:15 PM
11
cve
cve

CVE-2023-45884

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout...

6.5CVSS

6.3AI Score

0.001EPSS

2023-11-09 05:15 PM
11
cve
cve

CVE-2018-3848

In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code...

8.8CVSS

8.8AI Score

0.004EPSS

2018-04-16 04:29 PM
37
cve
cve

CVE-2018-3846

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code...

8.8CVSS

8.8AI Score

0.009EPSS

2018-04-16 04:29 PM
32
cve
cve

CVE-2018-3849

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code...

8.8CVSS

8.8AI Score

0.004EPSS

2018-04-16 04:29 PM
35
cve
cve

CVE-2023-45282

In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import...

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-06 07:15 PM
29
cve
cve

CVE-2018-3847

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this...

8.8CVSS

9.1AI Score

0.004EPSS

2018-08-01 07:29 PM
33
cve
cve

CVE-2009-2850

Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other...

7.5AI Score

0.002EPSS

2022-10-03 04:24 PM
22
cve
cve

CVE-2022-23053

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later...

6.1CVSS

6AI Score

0.001EPSS

2022-02-20 07:15 PM
72
cve
cve

CVE-2022-23054

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later...

6.1CVSS

6AI Score

0.001EPSS

2022-02-20 07:15 PM
87
cve
cve

CVE-2022-22126

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later...

6.1CVSS

6AI Score

0.001EPSS

2022-02-20 07:15 PM
97
cve
cve

CVE-2019-1010060

NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by...

9.8CVSS

8.9AI Score

0.011EPSS

2019-07-16 01:15 PM
55
cve
cve

CVE-2018-1000045

NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in...

7.8CVSS

7.9AI Score

0.003EPSS

2018-02-09 11:29 PM
21
cve
cve

CVE-2018-1000046

NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in...

7.8CVSS

7.9AI Score

0.004EPSS

2018-02-09 11:29 PM
17
cve
cve

CVE-2018-1000048

NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data...

8.8CVSS

8.8AI Score

0.004EPSS

2018-02-09 11:29 PM
16
cve
cve

CVE-2018-1000047

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak...

8.8CVSS

8.9AI Score

0.004EPSS

2018-02-09 11:29 PM
20
cve
cve

CVE-2014-7113

The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6AI Score

0.0005EPSS

2014-10-19 10:55 AM
13
cve
cve

CVE-2008-2542

Stack-based buffer overflow in the getline function in Ppm/ppm.C in NASA Ames Research Center BigView 1.8 allows user-assisted remote attackers to execute arbitrary code via a crafted PNM...

7.7AI Score

0.14EPSS

2008-06-05 08:32 PM
23
cve
cve

CVE-2008-2080

Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length...

7.5AI Score

0.017EPSS

2008-05-06 03:20 PM
29