Vulnerabilities > Dronecode

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-24255 Race Condition vulnerability in Dronecode PX4 Drone Autopilot
A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.
network
high complexity
dronecode CWE-362
4.2
2024-02-06 CVE-2024-24254 Race Condition vulnerability in Dronecode PX4 Drone Autopilot
PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp.
network
high complexity
dronecode CWE-362
4.2
2023-11-13 CVE-2023-47625 Classic Buffer Overflow vulnerability in Dronecode PX4 Drone Autopilot 1.14.0
PX4 autopilot is a flight control solution for drones.
network
low complexity
dronecode CWE-120
4.3
2023-10-31 CVE-2023-46256 Out-of-bounds Write vulnerability in Dronecode PX4 Drone Autopilot
PX4-Autopilot provides PX4 flight control solution for drones.
network
low complexity
dronecode CWE-787
critical
9.8
2023-07-06 CVE-2021-46896 Classic Buffer Overflow vulnerability in Dronecode PX4 Drone Autopilot
Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.
network
low complexity
dronecode CWE-120
7.5
2023-03-09 CVE-2021-34125 An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands.
network
low complexity
dronecode yuneec
7.5
2020-08-20 CVE-2020-10283 Unspecified vulnerability in Dronecode Micro AIR Vehicle Link 1.0.0
The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message.
network
low complexity
dronecode
critical
9.8
2020-07-03 CVE-2020-10282 Missing Authentication for Critical Function vulnerability in Dronecode Micro AIR Vehicle Link 1.0.0
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more.
network
low complexity
dronecode CWE-306
7.5
2020-07-03 CVE-2020-10281 Cleartext Transmission of Sensitive Information vulnerability in Dronecode Micro AIR Vehicle Link
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium.
network
low complexity
dronecode CWE-319
5.0