10 matches found
CVE-2024-41921
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...
EUVD-2024-54798
Malicious code in bioql PyPI...
EUVD-2024-54797
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-41148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command- line tool, affecting ROS distributions Noetic Ninjemys...
CVE-2024-41921
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...
CVE-2024-41148
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...
CVE-2024-41921
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...
CVE-2024-41921 Unsafe use of eval() method in rostopic echo tool
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...
CVE-2024-41148
CVE-2024-41148 describes a code-injection flaw in the ROS rostopic hz command. The --filter option accepts a user-supplied Python expression which is passed directly to eval() without sanitization, enabling a local user to craft and execute arbitrary code. Affected releases include ROS Noetic Nin...
Robot Operating System 代码注入漏洞
Robot Operating System is a meta-operating system for ROS 2 open source robots. A security vulnerability exists in Robot Operating System that stems from the hz verb of the rostopic tool using the eval function to process uncleaned user input, which could lead to the execution of arbitrary code...