Filtered by vendor Nasa
Subscribe
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25372 | 1 Nasa | 1 Cfs | 2025-04-03 | N/A | N/A |
| NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. | |||||
| CVE-2025-25371 | 1 Nasa | 1 Cfs | 2025-04-03 | N/A | N/A |
| NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | |||||
| CVE-2024-55030 | 1 Nasa | 1 Fprime | 2025-04-03 | N/A | N/A |
| A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. | |||||
| CVE-2025-25374 | 1 Nasa | 1 Cfs | 2025-04-01 | N/A | N/A |
| In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. | |||||
| CVE-2024-44910 | 1 Nasa | 1 Cryptolib | 2025-03-19 | N/A | 7.5 HIGH |
| NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). | |||||
| CVE-2024-44911 | 1 Nasa | 1 Cryptolib | 2025-03-18 | N/A | 7.5 HIGH |
| NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c). | |||||
| CVE-2024-44912 | 1 Nasa | 1 Cryptolib | 2025-03-17 | N/A | 7.5 HIGH |
| NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). | |||||
| CVE-2023-45282 | 1 Nasa | 1 Openmct | 2024-09-19 | N/A | 7.5 HIGH |
| In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. | |||||
| CVE-2023-45884 | 1 Nasa | 1 Openmct | 2023-11-15 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. | |||||
| CVE-2023-45885 | 1 Nasa | 1 Openmct | 2023-11-15 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | |||||
| CVE-2018-3846 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | |||||
| CVE-2018-3849 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | |||||
| CVE-2018-3848 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | |||||
| CVE-2018-3847 | 1 Nasa | 1 Cfitsio | 2022-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | |||||
| CVE-2022-23054 | 1 Nasa | 1 Openmct | 2022-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | |||||
| CVE-2022-23053 | 1 Nasa | 1 Openmct | 2022-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | |||||
| CVE-2022-22126 | 1 Nasa | 1 Openmct | 2022-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | |||||
| CVE-2019-1010060 | 1 Nasa | 1 Cfitsio | 2019-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character. | |||||
| CVE-2018-1000045 | 1 Nasa | 1 Singledop | 2018-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1. | |||||
| CVE-2018-1000046 | 1 Nasa | 1 Pyblock | 2018-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4. | |||||