283 matches found
CVE-2024-38920
Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter/amcl maxbeams...
CVE-2024-38926
Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter /amcl zshort...
CVE-2024-41650
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2costmap2d...
CVE-2022-48217
The tfremappernode component 1.1.1 for Robot Operating System ROS allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled oldtftopicname and/or newtftopicname...
CVE-2022-48198
The ntpddriver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System ROS allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled timereftopic...
CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
CVE-2024-39780
A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
CVE-2024-39780
A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
UBUNTU-CVE-2024-39780
A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
CVE-2024-39780 Use of unsafe yaml load in dynparam
A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
CVE-2024-39780 Use of unsafe yaml load in dynparam
A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
CVE-2024-39780
Summary (CVE-2024-39780) : A YAML deserialization vulnerability affects the Robot Operating System (ROS) dynparam tool used to manage parameters for ROS nodes, impacting Noetic and earlier. The root cause is the use of yaml.load() in the set and get verbs, which can instantiate arbitrary Python o...
CVE-2024-39780
A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
Robot Operating System 安全漏洞
Robot Operating System is a meta-operating system for robots. A security vulnerability exists in Robot Operating System, which originates from YAML deserialization and could lead to the execution of arbitrary Python code by a local or remote user...
PT-2025-14467 · Ros +1 · Ros +1
Name of the Vulnerable Software and Affected Versions: Robot Operating System ROS versions Noetic and earlier Description: A YAML deserialization vulnerability was found in the ROS 'dynparam' command-line tool, affecting the ability to get, set, and delete parameters of a dynamically configurable...
CVE-2019-19627
SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtpsprotectionkind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...
CVE-2024-44856
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2smacplanner...
CVE-2024-41649
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executorthread...
CVE-2024-44854
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan...
CVE-2024-44855
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2navfnplanner...