Ait Core Security Vulnerabilities and Issues — Ait Core CVE List

Lucene search

NasaAit Core

6 matches found

CVE•added 2024/05/21 6:15 p.m.•81 views

CVE-2024-35058

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.

7.5CVSS7.7AI score0.00074EPSS

CVE•added 2024/05/21 7:15 p.m.•54 views

CVE-2024-35061

NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.

7.3CVSS7.8AI score0.01027EPSS

CVE•added 2024/05/21 7:15 p.m.•51 views

CVE-2024-35059

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands.

7.5CVSS7.3AI score0.00052EPSS

CVE•added 2024/05/21 7:15 p.m.•45 views

CVE-2024-35060

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.

7.5CVSS7.6AI score0.00057EPSS

CVE•added 2024/05/21 6:15 p.m.•43 views

CVE-2024-35056

NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.

9.8CVSS8.3AI score0.00145EPSS

CVE•added 2024/05/21 6:15 p.m.•43 views

CVE-2024-35057

An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet.

7.5CVSS7.7AI score0.00035EPSS