Nasa

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-35060 1Nasa 1Ait Core Jun 3, 2025 May 21, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.
CVE-2024-35059 1Nasa 1Ait Core Jun 3, 2025 May 21, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands.
CVE-2024-35058 1Nasa 1Ait Core Jun 3, 2025 May 21, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.
CVE-2024-35057 1Nasa 1Ait Core Jun 3, 2025 May 21, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet.
CVE-2024-35056 1Nasa 1Ait Core Jun 3, 2025 May 21, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.
CVE-2023-45885 1Nasa 1Openmct Nov 21, 2024 Nov 9, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
CVE-2023-45884 1Nasa 1Openmct Nov 21, 2024 Nov 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.
CVE-2023-45282 1Nasa 1Openmct Nov 21, 2024 Oct 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.
CVE-2022-23054 1Nasa 1Openmct Nov 21, 2024 Feb 20, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version a...Show more Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.Show less
CVE-2022-23053 1Nasa 1Openmct Nov 21, 2024 Feb 20, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version...Show more Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.Show less
CVE-2022-22126 1Nasa 1Openmct Nov 21, 2024 Feb 20, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and pri...Show more Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.Show less
CVE-2019-1010060 1Nasa 1Cfitsio Nov 21, 2024 Jul 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fi...Show more NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.Show less
CVE-2018-3847 1Nasa 1Cfitsio Nov 21, 2024 Aug 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow over...Show more Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.Show less
CVE-2018-3849 2Fedoraproject Nasa 2Cfitsio Fedora Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulner...Show more In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.Show less
CVE-2018-3848 2Fedoraproject Nasa 2Cfitsio Fedora Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulner...Show more In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.Show less
CVE-2018-3846 2Fedoraproject Nasa 2Cfitsio Fedora Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger...Show more In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.Show less
CVE-2018-1000048 1Nasa 1Rtretrievalframework Nov 21, 2024 Feb 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim t...Show more NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file.Show less
CVE-2018-1000047 1Nasa 1Kodiak Nov 21, 2024 Feb 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for...Show more NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library.Show less
CVE-2018-1000046 1Nasa 1Pyblock Nov 21, 2024 Feb 9, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar...Show more NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4.Show less
CVE-2018-1000045 1Nasa 1Singledop Nov 21, 2024 Feb 9, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted...Show more NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1.Show less

Previous 1 23