Filtered by vendor Nasa
Subscribe
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29911 | 1 Nasa | 1 Cryptolib | 2025-04-30 | N/A | 9.8 CRITICAL |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_AOS_ProcessSecurity` function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. The vulnerability lies in the function `Crypto_AOS_ProcessSecurity`, specifically during the processing of the Frame Error Control Field (FECF). The affected code attempts to read from the `p_ingest` buffer at indices `current_managed_parameters_struct.max_frame_size - 2` and `current_managed_parameters_struct.max_frame_size - 1` without verifying if `len_ingest` is sufficiently large. This leads to a heap buffer overflow when `len_ingest` is smaller than `max_frame_size`. As of time of publication, no known patched versions exist. | |||||
| CVE-2025-29910 | 1 Nasa | 1 Cryptolib | 2025-04-30 | N/A | 7.5 HIGH |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vulnerability was identified in the `crypto_handle_incrementing_nontransmitted_counter` function of CryptoLib versions 1.3.3 and prior. This vulnerability can lead to resource exhaustion and degraded system performance over time, particularly in long-running processes or systems processing large volumes of data. The vulnerability is present in the `crypto_handle_incrementing_nontransmitted_counter` function within `crypto_tc.c`. The function allocates memory using `malloc` without ensuring the allocated memory is always freed. This issue can lead to resource exhaustion, reduced system performance, and potentially a Denial of Service (DoS) in environments where CryptoLib is used in long-running processes or with large volumes of data. Any system using CryptoLib, especially those handling high-throughput or continuous data streams, could be impacted. As of time of publication, no known patched versions are available. | |||||
| CVE-2025-29909 | 1 Nasa | 1 Cryptolib | 2025-04-30 | N/A | 9.8 CRITICAL |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames. A patch is available at commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc. | |||||
| CVE-2025-30356 | 1 Nasa | 1 Cryptolib | 2025-04-29 | N/A | 9.8 CRITICAL |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call. | |||||
| CVE-2024-55028 | 1 Nasa | 1 Fprime | 2025-04-03 | N/A | 9.8 CRITICAL |
| A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. | |||||
| CVE-2024-55029 | 1 Nasa | 1 Fprime | 2025-04-03 | N/A | 6.1 MEDIUM |
| NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2025-25373 | 1 Nasa | 1 Cfs | 2025-04-03 | N/A | 9.8 CRITICAL |
| The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | |||||
| CVE-2025-25372 | 1 Nasa | 1 Cfs | 2025-04-03 | N/A | 7.5 HIGH |
| NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. | |||||
| CVE-2025-25371 | 1 Nasa | 1 Cfs | 2025-04-03 | N/A | 7.5 HIGH |
| NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | |||||
| CVE-2024-55030 | 1 Nasa | 1 Fprime | 2025-04-03 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. | |||||
| CVE-2025-25374 | 1 Nasa | 1 Cfs | 2025-04-01 | N/A | 7.5 HIGH |
| In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. | |||||
| CVE-2024-44910 | 1 Nasa | 1 Cryptolib | 2025-03-19 | N/A | 7.5 HIGH |
| NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). | |||||
| CVE-2024-44911 | 1 Nasa | 1 Cryptolib | 2025-03-18 | N/A | 7.5 HIGH |
| NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c). | |||||
| CVE-2024-44912 | 1 Nasa | 1 Cryptolib | 2025-03-17 | N/A | 7.5 HIGH |
| NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). | |||||
| CVE-2023-45885 | 1 Nasa | 1 Openmct | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | |||||
| CVE-2023-45884 | 1 Nasa | 1 Openmct | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. | |||||
| CVE-2023-45282 | 1 Nasa | 1 Openmct | 2024-11-21 | N/A | 7.5 HIGH |
| In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. | |||||
| CVE-2022-23054 | 1 Nasa | 1 Openmct | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | |||||
| CVE-2022-23053 | 1 Nasa | 1 Openmct | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | |||||
| CVE-2022-22126 | 1 Nasa | 1 Openmct | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | |||||