Vulnerabilities > NSA

DATE CVE VULNERABILITY TITLE RISK
2023-01-06 CVE-2023-22671 Command Injection vulnerability in NSA Ghidra
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
network
low complexity
nsa CWE-77
critical
9.8
2021-07-02 CVE-2021-32639 Server-Side Request Forgery (SSRF) vulnerability in NSA Emissary
Emissary is a P2P-based, data-driven workflow engine.
network
low complexity
nsa CWE-918
critical
9.9
2021-06-01 CVE-2021-32647 Unsafe Reflection vulnerability in NSA Emissary 6.4.0
Emissary is a P2P based data-driven workflow engine.
network
low complexity
nsa CWE-470
critical
9.1
2021-05-21 CVE-2021-32634 Unspecified vulnerability in NSA Emissary 6.4.0
Emissary is a distributed, peer-to-peer, data-driven workflow framework.
network
low complexity
nsa
7.2
2021-05-07 CVE-2021-32092 Cross-site Scripting vulnerability in NSA Emissary 5.9.0
A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S.
network
low complexity
nsa CWE-79
6.1
2021-05-07 CVE-2021-32093 Missing Authorization vulnerability in NSA Emissary 5.9.0
The ConfigFileAction component of U.S.
network
low complexity
nsa CWE-862
6.5
2021-05-07 CVE-2021-32094 Unrestricted Upload of File with Dangerous Type vulnerability in NSA Emissary 5.9.0
U.S.
network
low complexity
nsa CWE-434
8.8
2021-05-07 CVE-2021-32095 Missing Authorization vulnerability in NSA Emissary 5.9.0
U.S.
network
low complexity
nsa CWE-862
8.1
2021-05-07 CVE-2021-32096 Cross-Site Request Forgery (CSRF) vulnerability in NSA Emissary 5.9.0
The ConsoleAction component of U.S.
network
low complexity
nsa CWE-352
8.8
2019-10-16 CVE-2019-17665 Uncontrolled Search Path Element vulnerability in NSA Ghidra 9.0/9.0.1/9.0.2
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
local
low complexity
nsa CWE-427
7.8