CVE-2023-22671
- EPSS 4.12%
- Veröffentlicht 06.01.2023 07:15:08
- Zuletzt bearbeitet 07.04.2025 19:15:49
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
CVE-2019-17664
- EPSS 0.16%
- Veröffentlicht 16.10.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:43
NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Pyt...
CVE-2019-17665
- EPSS 0.14%
- Veröffentlicht 16.10.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:44
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
CVE-2019-16941
- EPSS 22.86%
- Veröffentlicht 28.09.2019 16:15:09
- Zuletzt bearbeitet 21.11.2024 04:31:23
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpat...
CVE-2019-13623
- EPSS 4.1%
- Veröffentlicht 17.07.2019 03:15:10
- Zuletzt bearbeitet 21.11.2024 04:25:23
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary file...
CVE-2019-13625
- EPSS 0.33%
- Veröffentlicht 17.07.2019 03:15:10
- Zuletzt bearbeitet 21.11.2024 04:25:23
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.