Lucene search
K

283 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:3 a.m.4 views

CVE-2024-38920

Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter/amcl maxbeams...

9.1CVSS5.9AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:2 a.m.4 views

CVE-2024-38926

Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter /amcl zshort...

9.8CVSS5.9AI score0.00571EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:49 a.m.5 views

CVE-2024-41650

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2costmap2d...

9.8CVSS6.2AI score0.00473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:47 a.m.6 views

CVE-2022-48217

The tfremappernode component 1.1.1 for Robot Operating System ROS allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled oldtftopicname and/or newtftopicname...

8.1CVSS7AI score0.00742EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.7 views

CVE-2022-48198

The ntpddriver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System ROS allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled timereftopic...

9.8CVSS7AI score0.01085EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.4 views

CVE-2021-37146

An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...

7.5CVSS7.1AI score0.01946EPSS
Exploits0References1
NVD
NVD
added 2025/04/02 8:15 a.m.14 views

CVE-2024-39780

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

9.8CVSS0.00373EPSS
Exploits0References1
OSV
OSV
added 2025/04/02 8:15 a.m.6 views

CVE-2024-39780

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

9.8CVSS7.8AI score
Exploits0References1
OSV
OSV
added 2025/04/02 8:15 a.m.2 views

UBUNTU-CVE-2024-39780

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

9.8CVSS6AI score0.00373EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/02 7:31 a.m.19 views

CVE-2024-39780 Use of unsafe yaml load in dynparam

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

7.8CVSS0.00373EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/02 7:31 a.m.10 views

CVE-2024-39780 Use of unsafe yaml load in dynparam

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

7.8CVSS8AI score0.00373EPSS
Exploits0References1
CVE
CVE
added 2025/04/02 7:31 a.m.63 views

CVE-2024-39780

Summary (CVE-2024-39780) : A YAML deserialization vulnerability affects the Robot Operating System (ROS) dynparam tool used to manage parameters for ROS nodes, impacting Noetic and earlier. The root cause is the use of yaml.load() in the set and get verbs, which can instantiate arbitrary Python o...

9.8CVSS8AI score0.00373EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2025/04/02 7:31 a.m.7 views

CVE-2024-39780

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

9.8CVSS6AI score0.00373EPSS
Exploits0
CNNVD
CNNVD
added 2025/04/02 12:0 a.m.5 views

Robot Operating System 安全漏洞

Robot Operating System is a meta-operating system for robots. A security vulnerability exists in Robot Operating System, which originates from YAML deserialization and could lead to the execution of arbitrary Python code by a local or remote user...

9.8CVSS6.8AI score0.00373EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.7 views

PT-2025-14467 · Ros +1 · Ros +1

Name of the Vulnerable Software and Affected Versions: Robot Operating System ROS versions Noetic and earlier Description: A YAML deserialization vulnerability was found in the ROS 'dynparam' command-line tool, affecting the ability to get, set, and delete parameters of a dynamically configurable...

9.8CVSS6.7AI score0.00373EPSS
Exploits0References19
RedhatCVE
RedhatCVE
added 2025/02/05 5:11 p.m.18 views

CVE-2019-19627

SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtpsprotectionkind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...

7.5CVSS6.2AI score0.02146EPSS
Exploits2References1
OSV
OSV
added 2024/12/06 10:15 p.m.4 views

CVE-2024-44856

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2smacplanner...

7.5CVSS5.7AI score
Exploits0References3
OSV
OSV
added 2024/12/06 10:15 p.m.5 views

CVE-2024-41649

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executorthread...

9.8CVSS6.2AI score0.00677EPSS
Exploits1References3
OSV
OSV
added 2024/12/06 10:15 p.m.2 views

CVE-2024-44854

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan...

7.5CVSS5.7AI score
Exploits0References3
OSV
OSV
added 2024/12/06 10:15 p.m.3 views

CVE-2024-44855

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2navfnplanner...

7.5CVSS5.7AI score
Exploits0References3
Rows per page
Query Builder