Vulnerabilities > NSA
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-06 | CVE-2023-22671 | Command Injection vulnerability in NSA Ghidra Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. | 9.8 |
| 2021-07-02 | CVE-2021-32639 | Server-Side Request Forgery (SSRF) vulnerability in NSA Emissary Emissary is a P2P-based, data-driven workflow engine. | 6.5 |
| 2021-06-01 | CVE-2021-32647 | Unsafe Reflection vulnerability in NSA Emissary 6.4.0 Emissary is a P2P based data-driven workflow engine. | 6.5 |
| 2021-05-21 | CVE-2021-32634 | Deserialization of Untrusted Data vulnerability in NSA Emissary 6.4.0 Emissary is a distributed, peer-to-peer, data-driven workflow framework. | 6.5 |
| 2021-05-07 | CVE-2021-32092 | Cross-site Scripting vulnerability in NSA Emissary 5.9.0 A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. | 4.3 |
| 2021-05-07 | CVE-2021-32093 | Missing Authorization vulnerability in NSA Emissary 5.9.0 The ConfigFileAction component of U.S. | 4.0 |
| 2021-05-07 | CVE-2021-32094 | Unrestricted Upload of File with Dangerous Type vulnerability in NSA Emissary 5.9.0 U.S. | 6.5 |
| 2021-05-07 | CVE-2021-32095 | Missing Authorization vulnerability in NSA Emissary 5.9.0 U.S. | 5.5 |
| 2021-05-07 | CVE-2021-32096 | Cross-Site Request Forgery (CSRF) vulnerability in NSA Emissary 5.9.0 The ConsoleAction component of U.S. | 6.8 |
| 2019-10-16 | CVE-2019-17665 | Untrusted Search Path vulnerability in NSA Ghidra 9.0/9.0.1/9.0.2 NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. | 4.4 |