VYPR
Vendor: ROS

Products: 12
CVEs: 8
Across products: 11
Status: Private

Recent CVEs (8)
  • CVE-2019-13465 (High, Dec 30, 2019)
    risk 0.56, cvss 8.6, epss 0.01

    An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When…

  • CVE-2023-24010 (High, Jan 9, 2025)
    risk 0.53, cvss 8.2, epss 0.00

    An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This…

  • CVE-2024-41921 (High, Jul 17, 2025)
    risk 0.51, cvss 7.8, epss 0.00

    A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a…

  • CVE-2024-39835 (High, Jul 17, 2025)
    risk 0.51, cvss 7.8, epss 0.00

    A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized…

  • CVE-2024-39289 (High, Jul 17, 2025)
    risk 0.51, cvss 7.8, epss 0.00

    A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via…

  • CVE-2024-39780 (High, Apr 2, 2025)
    risk 0.44, cvss 7.8, epss 0.00

    A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of…

  • CVE-2019-19627 (Medium, Dec 6, 2019)
    risk 0.35, cvss 5.3, epss 0.02

    SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from…

  • CVE-2020-10289 (High, Aug 20, 2020)
    risk 0.00, cvss 8.8, epss 0.02

    Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core…