CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2018-3846 – Gentoo Linux Security Advisory 202101-24
https://notcve.org/view.php?id=CVE-2018-3846
16 Apr 2018 — In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En las funciones ffgphd y ffgtkn en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante pu... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2018-3848 – Gentoo Linux Security Advisory 202101-24
https://notcve.org/view.php?id=CVE-2018-3848
16 Apr 2018 — In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En la función ffghbn en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante puede enviar una imagen FI... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2018-3849 – Gentoo Linux Security Advisory 202101-24
https://notcve.org/view.php?id=CVE-2018-3849
16 Apr 2018 — In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En la función ffghtb en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante puede enviar una imagen FI... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000046
https://notcve.org/view.php?id=CVE-2018-1000046
09 Feb 2018 — NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4. NASA Pyblock v1.0 - v1.3 contiene una vulnerabilidad CWE-502 en la biblioteca de análisis de datos Radar que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante una víctima que abra un a... • https://github.com/nasa/PyBlock/pull/5 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000045
https://notcve.org/view.php?id=CVE-2018-1000045
09 Feb 2018 — NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1. NASA Singledop v1.0 contiene una vulnerabilidad CWE-502 en la biblioteca NASA Singledop (datos del tiempo) que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante una víctima que a... • https://github.com/nasa/SingleDop/pull/19 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-1000048
https://notcve.org/view.php?id=CVE-2018-1000048
09 Feb 2018 — NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file. NASA RtRetrievalFramework v1.0 contiene una vulnerabilidad CWE-502 en la funcionalidad de recuperación de datos del framework RtRetrieval que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante una víct... • https://github.com/nasa/RtRetrievalFramework/issues/1 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-1000047
https://notcve.org/view.php?id=CVE-2018-1000047
09 Feb 2018 — NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library. NASA Kodiak v1.0 contiene una vulnerabilidad CWE-502 en la función de procesado de la biblioteca de análisis de datos Kodiak que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante una víctima que abra un archivo no ... • https://github.com/nasa/Kodiak/issues/5 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7113
https://notcve.org/view.php?id=CVE-2014-7113
19 Oct 2014 — The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para NASA Universe Wallpapers Xeus (también conocida como com.xeusNASA ) 1.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2009-2850 – Gentoo Linux Security Advisory 200908-6
https://notcve.org/view.php?id=CVE-2009-2850
18 Aug 2009 — Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions. Desbordamiento múltiple de buffer en NASA Common Data Format (CDF)permite a atacantes dependientes del contexto ejecutar código a su elección, como es demostrado usando (1) un error en el array de i... • http://cdf.gsfc.nasa.gov/html/CDF_changesnote2.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 2CVE-2008-2542 – NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2542
05 Jun 2008 — Stack-based buffer overflow in the getline function in Ppm/ppm.C in NASA Ames Research Center BigView 1.8 allows user-assisted remote attackers to execute arbitrary code via a crafted PNM file. Desbordamiento de búfer basado en pila en la función getline en Ppm/ppm.C en NASA Ames Research Center BigView 1.8, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de un fichero PNM. Core Security Technologies Advisory - The NASA BigView package suffers from a stack buffer ove... • https://packetstorm.news/files/id/67015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •