-
Notifications
You must be signed in to change notification settings - Fork 31
Issues: aliasrobotics/RVD
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
RVD#3347: Data Distribution Service (DDS) Chain of Trust (CoT) violation in Open DDS
package: sros2
robot component: DDS
Data Distribution Service
robot component: ROS2
vulnerability
#3347
opened Feb 25, 2023 by
vmayoral
RVD#3346: Data Distribution Service (DDS) Chain of Trust (CoT) violation in Cyclone DDS
package: sros2
robot component: DDS
Data Distribution Service
robot component: ROS2
vendor: ADLINK
vulnerability
#3346
opened Feb 25, 2023 by
vmayoral
RVD#3345: Data Distribution Service (DDS) Chain of Trust (CoT) violation
components software
Vulnerabilities in purely software robot components (e.g. a the ROS navigation stack)
package: sros2
robot component: DDS
Data Distribution Service
robot component: FastRTPS
eProsima's FastRTPS security flaw
robot component: ROS2
vendor: eProsima
vulnerability
#3345
opened Feb 25, 2023 by
vmayoral
[Security] Workflow push.yml is using vulnerable action actions/checkout
#3343
opened Dec 19, 2021 by
Freakston
[Security] Workflow issues_management.yml is using vulnerable action actions/checkout
#3342
opened Dec 19, 2021 by
fockboi-lgtm
RVD#3330: Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware
severity: critical
9.0 - 10.0
vendor: Robotemi Global
vulnerability
#3330
opened Aug 25, 2020 by
glerapic
RVD#3324: ABB IRC5 FTP daemon in VxWorks does not close the TCP connection after a number of failed login attempts
robot: ABB IRB140
robot component: ABB IRC5 OPC Server
robot component: Robotware
robot component: VxWorks
severity: critical
9.0 - 10.0
vendor: ABB
vendor: WindRiver
vulnerability
#3324
opened Jul 15, 2020 by
rvd-bot
RVD#3323: Mismanaged permission implementation leads to privilege escalation, exfiltration of sensitive information, and DoS
components hardware
Vulnerabilities in hardware robot components (e.g. a LIDAR)
robot: xArm5 Lite
robot: xArm6
robot: xArm7
severity: high
7.0 - 8.9
vendor: UFactory
vulnerability
#3323
opened Jul 15, 2020 by
rvd-bot
RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks
components hardware
Vulnerabilities in hardware robot components (e.g. a LIDAR)
robot: xArm5 Lite
robot: xArm6
robot: xArm7
severity: high
7.0 - 8.9
vendor: UFactory
vulnerability
#3322
opened Jul 15, 2020 by
rvd-bot
RVD#3321: No Authentication required to exert manual control of the robot
components hardware
Vulnerabilities in hardware robot components (e.g. a LIDAR)
robot: xArm5 Lite
robot: xArm6
robot: xArm7
severity: critical
9.0 - 10.0
vendor: UFactory
vulnerability
#3321
opened Jul 15, 2020 by
rvd-bot
RVD#3320: XML External Entity (XXE) attacks via unspecified vectors on Mitsubishi products
triage
Needs triage
vendor: Mitsubishi Electric
vulnerability
#3320
opened Jul 4, 2020 by
rvd-bot
RVD#3319: Uncontrolled resource consumption vulnerability in Mitsubishi products allows denial of service (DoS) attacks
triage
Needs triage
vendor: Mitsubishi Electric
vulnerability
#3319
opened Jul 4, 2020 by
rvd-bot
RVD#3318: XSS-like attacks for authenticated users in ABB System 800xA Information Manager
components software
Vulnerabilities in purely software robot components (e.g. a the ROS navigation stack)
severity: high
7.0 - 8.9
vendor: ABB
vulnerability
#3318
opened Jul 4, 2020 by
rvd-bot
RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication
components software
Vulnerabilities in purely software robot components (e.g. a the ROS navigation stack)
robot component: Ardupilot
robot component: MAVLink
robot component: PX4
severity: high
7.0 - 8.9
version: 1.0
version: 2.0
vulnerability
#3317
opened Jun 30, 2020 by
vmayoral
RVD#3316: No authentication in MAVLink protocol
components software
Vulnerabilities in purely software robot components (e.g. a the ROS navigation stack)
robot component: Ardupilot
robot component: MAVLink
robot component: PX4
severity: critical
9.0 - 10.0
version: 1.0
vulnerability
#3316
opened Jun 30, 2020 by
vmayoral
RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0
components software
Vulnerabilities in purely software robot components (e.g. a the ROS navigation stack)
robot component: Ardupilot
robot component: MAVLink
robot component: PX4
severity: high
7.0 - 8.9
version: 1.0
version: 2.0
vulnerability
#3315
opened Jun 30, 2020 by
vmayoral
RVD#2573: The DBPOWER U818A WIFI quadcopter drone provides FTP access over
robot: DBPOWER U818A
severity: medium
4.0 - 6.9
vendor: DBPOWER
vulnerability
#2573
opened Jun 28, 2020 by
rvd-bot
RVD#2572: Web server running on Parrot ANAFI can be crashed due to the SDK
robot: Parrot ANAFI
https://www.parrot.com/es/drones/anafi
severity: medium
4.0 - 6.9
vendor: Parrot
vulnerability
#2572
opened Jun 28, 2020 by
rvd-bot
RVD#2571: Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack
robot: Parrot ANAFI
https://www.parrot.com/es/drones/anafi
severity: high
7.0 - 8.9
vendor: Parrot
vulnerability
#2571
opened Jun 28, 2020 by
rvd-bot
RVD#2569: Insecure operating system defaults in MiR robots
robot component: Ubuntu
robot: ER200
robot: ER-Flex
robot: ER-Lite
robot: ER-One
robot: MiR100
robot: MiR200
robot: MiR250
robot: MiR500
robot: MiR1000
robot: UVD
severity: high
7.0 - 8.9
vendor: Canonical
vendor: Easy Robotics
vendor: Enabled Robotics
vendor: Mobile Industrial Robots
vendor: Robotplus
https://robotplus.es/
vendor: UVD Robots
vulnerability
#2569
opened Jun 24, 2020 by
rvd-bot
RVD#2568: Apache server is vulnerable to a DoS
robot: ER200
robot: ER-Flex
robot: ER-Lite
robot: ER-One
robot: MiR100
robot: MiR200
robot: MiR250
robot: MiR500
robot: MiR1000
robot: UVD
vendor: Easy Robotics
vendor: Enabled Robotics
vendor: Mobile Industrial Robots
vendor: Robotplus
https://robotplus.es/
vendor: UVD Robots
vulnerability
#2568
opened Jun 24, 2020 by
rvd-bot
Previous Next
ProTip!
no:milestone will show everything without a milestone.