CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

21 May 2024 — An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

21 May 2024 — An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

09 Nov 2023 — Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. • https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

09 Nov 2023 — Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. • https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Oct 2023 — In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. • https://github.com/nasa/openmct/compare/v3.0.2...v3.1.0 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Feb 2022 — Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Feb 2022 — Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Feb 2022 — Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 31% | CPEs: 1 | EXPL: 0

16 Jul 2019 — NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

01 Aug 2018 — Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. • https://security.gentoo.org/glsa/202101-24 • CWE-787: Out-of-bounds Write