183 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-50257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eProsima Fast DDS formerly Fast RTPS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application...
DEBIAN-CVE-2025-24807
eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access contro...
eProsima Fast DDS 数据伪造问题漏洞
eProsima Fast DDS is the C++ implementation of eProsima's OMG Object Management Group DDS Data Distribution Service standard. A data forgery issue vulnerability exists in eProsima Fast DDS versions prior to 3.2.0, which stems from PermissionsCAs that are not validated for full chain validation an...
CVE-2024-30258
FastDDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, the subscriber crashes when creating pthread. This can remotely crash any Fast-DD...
UBUNTU-CVE-2023-24010
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24012 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24012
CVE-2023-24012 describes a vulnerability in the Data Distribution Service (DDS) chain of trust where an attacker can craft malicious DDS Participants or ROS 2 Nodes with valid certificates to take full control of a secure DDS databus. The root cause is a non-compliant implementation of permission...
CVE-2023-24011 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24011 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24011
CVE-2023-24011 is a DDS ecosystem vulnerability arising from non-compliant permission document verification and improper use of OpenSSL PKCS7_verify to validate S/MIME signatures. Attackers could craft malicious DDS Participants or ROS 2 Nodes with valid certificates to gain full control of a sec...
CVE-2023-24010 Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24010
CVE-2023-24010 describes an Achilles’ heel in some DDS vendor configurations: an attacker can craft malicious DDS Participants or ROS 2 Nodes with valid certificates to take control of a secure DDS databus. The root cause is a non-compliant verification of permission documents, specifically an im...
CVE-2023-24010 Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
PT-2025-1382 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: Data Distribution Service DDS affected versions not specified Description: The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7...
SROS 2 安全漏洞
SROS 2 is a ROS 2 open source tool for generating and distributing SROS keys. A security vulnerability exists in SROS 2 that stems from the presence of a non-compliant implementation of privilege document validation, which could lead to an attacker being able to construct a malicious DDS...
PT-2025-1381 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: Data Distribution Service DDS affected versions not specified Description: The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7...
SROS 2 安全漏洞
SROS 2 is a ROS 2 open source tool for generating and distributing SROS keys. A security vulnerability exists in SROS 2 that stems from the presence of a non-compliant implementation of privilege document validation, which could lead to an attacker being able to construct a malicious DDS...
SROS 2 安全漏洞
SROS 2 is a ROS 2 open source tool for generating and distributing SROS keys. A security vulnerability exists in SROS 2 that stems from the presence of a non-compliant implementation of privilege document validation, which could lead to an attacker being able to construct a malicious DDS...
Geoserver Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geoserver unauthenticated Remote Code Execution', 'Description' = %q GeoServer is an open-source software server written in Java that provides th...
UBUNTU-CVE-2024-30259
FastDDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed RTPS packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS...