Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nsa vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-13623
In NSA Ghidra prior to 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows malicious users to overwrite arbitrary files in scenarios where a...
Nsa Ghidra
1 EDB exploit
9.4
CVSSv2
CVE-2019-13625
NSA Ghidra prior to 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
Nsa Ghidra
4.4
CVSSv2
CVE-2019-17665
NSA Ghidra prior to 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
Nsa Ghidra
6.5
CVSSv2
CVE-2021-32639
Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to cre...
Nsa Emissary
NA
CVE-2023-22671
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra up to and including 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
Nsa Ghidra
4.4
CVSSv2
CVE-2019-17664
NSA Ghidra up to and including 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python&quo...
Nsa Ghidra
6.8
CVSSv2
CVE-2019-16941
NSA Ghidra up to and including 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBit...
Nsa Ghidra
1 Github repository
1 Article
6.5
CVSSv2
CVE-2021-32634
Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a92...
Nsa Emissary 6.4.0
4.3
CVSSv2
CVE-2014-2589
Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote malicious users to inject arbitrary web script or HTML via the sn parameter.
Sonicwall Nsa 2400 -
6.5
CVSSv2
CVE-2021-32647
Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`CreatePlace`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java...
Nsa Emissary 6.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »