CVE-2022-22126 – Openmct XSS via the “Web Page” element
https://notcve.org/view.php?id=CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. Openmct versiones 1.3.0 hasta 1.7.7, son vulnerables a un ataque de tipo XSS almacenado por medio del elemento "Web Page", que permite una inyección de JavaScript malicioso en el campo "URL". Este problema afecta a: nasa openmct versiones 1.7.7 y anteriores; versiones 1.3.0 y posteriores • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-1010060
https://notcve.org/view.php?id=CVE-2019-1010060
NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 https://github.com/astropy/astropy/pull/7274 https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio3420.tar.gz https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio3430.tar.gz https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes2.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-3847
https://notcve.org/view.php?id=CVE-2018-3847
Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Múltiples vulnerabilidades explotables de desbordamiento de búfer en la funcionalidad de análisis de imágenes de la biblioteca CFITSIO en su versión 3.42. Las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. • https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530 • CWE-787: Out-of-bounds Write •
CVE-2018-3846
https://notcve.org/view.php?id=CVE-2018-3846
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En las funciones ffgphd y ffgtkn en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante puede enviar una imagen FIT para desencadenar esta vulnerabilidad y una ejecución de código. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529 • CWE-787: Out-of-bounds Write •
CVE-2018-3848
https://notcve.org/view.php?id=CVE-2018-3848
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En la función ffghbn en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante puede enviar una imagen FIT para desencadenar esta vulnerabilidad y una ejecución de código. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531 • CWE-787: Out-of-bounds Write •