RVD

RVD copied to clipboard

RVD#39: Remote Firmware Upgrade in Alpha 1S As

3

```yaml { "id": 39, "title": "RVD#39: Remote Firmware Upgrade in Alpha 1S As", "type": "vulnerability", "description": "It is possible to remotely upgrade the Alpha 1S firmware by sending an undocumented...

aliasbot

The workflow push.yml is referencing action actions/checkout using references v1. However this reference is missing the commit [a6747255bd19d7a757dbdda8c654a9f84db19839](https://github.com/actions/checkout/commits/a6747255bd19d7a757dbdda8c654a9f84db19839) which may contain fix to the some vulnerability. The vulnerability fix that...

Freakston

The workflow issues_management.yml is referencing action actions/checkout using references v1. However this reference is missing the commit [a6747255bd19d7a757dbdda8c654a9f84db19839](https://github.com/actions/checkout/commits/a6747255bd19d7a757dbdda8c654a9f84db19839) which may contain fix to the some vulnerability. The vulnerability fix that...

fockboi-lgtm

RVD#3316: No authentication in MAVLink protocol

22

```yaml id: 3316 title: 'RVD#3316: No authentication in MAVLink protocol' type: vulnerability description: The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization)...

vmayoral

RVD#449: Lack of Forward Secrecy (FS) support in handshake algorithms

3

```yaml id: 449 title: 'RVD#449: Lack of Forward Secrecy (FS) support in handshake algorithms' type: weakness description: "In the DDS protocol, only two types of algorithms, \u201CDH+MODP-2048-256\u201D\ \ and \u201CECDH+prime256v1-CEUM\u201D,...

vmayoral

RVD#451: DDS cryptographic plugin, AES_GCM subject to forgery, key recovery and timing attacks, and nonce replay attacks

3

```yaml id: 451 title: 'RVD#451: DDS cryptographic plugin, AES_GCM subject to forgery, key recovery and timing attacks, and nonce replay attacks' type: vulnerability description: For the cryptographic plugin, AES_GCM and...

vmayoral

RVD#450: DDS authentication plugin weakness in prime256v1 curves might lead to data to side channel attacks

3

```yaml id: 450 title: 'RVD#450: DDS authentication plugin weakness in prime256v1 curves might lead to data to side channel attacks' type: weakness description: For the authentication plug-in, a participant is...

vmayoral

RVD#453: Prediction number attacks on sequence number during RTPS initialization (affects authentication and access DDS security plugins)

3

```yaml id: 453 title: 'RVD#453: Prediction number attacks on sequence number during RTPS initialization (affects authentication and access DDS security plugins)' type: weakness description: "The DDS Security standard states that,...

vmayoral

RVD#10: Relative Path Traversal vulnerability in SREA-01 and SREA-50

3

```yaml { "id": 10, "title": "RVD#10: Relative Path Traversal vulnerability in SREA-01 and SREA-50", "type": "vulnerability", "description": " Relative Path Traversal vulnerability in SREA-01 and SREA-50 legacy remote monitoring tools...

aliasbot

RVD#12: Authentication bypass vulnerability in SoftBank's Pepper and NAO robots's web console

3

```yaml { "id": 12, "title": "RVD#12: Authentication bypass vulnerability in SoftBank's Pepper and NAO robots's web console", "type": "vulnerability", "description": " An authentication bypass vulnerability in SoftBank's Pepper and NAO...

aliasbot