2 matches found
CVE-2024-38926
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered by remotely sending a request to change the value of the dynamic parameter /amcl z_short...
curl: curl file writing susceptible to symlink attacks
Summary: If the curl command is used to download a file with a predictable file name to a world-writable directory such as /tmp, a local attacker is able to mount a symlink attack to either (A) redirect the target file writing to another file writable by the user or (B) replace the downloaded file contents...