Total: 13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-15150 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-12-31 | 4.3 MEDIUM | 5.3 MEDIUM | A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue. |
| CVE-2024-30800 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-30 | N/A | 5.6 MEDIUM | PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. |
| CVE-2024-38951 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-20 | N/A | 6.5 MEDIUM | A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message. |
| CVE-2024-38952 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-20 | N/A | 7.5 HIGH | PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp. |
| CVE-2024-40427 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-20 | N/A | 7.9 HIGH | Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute. |
| CVE-2024-30799 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-12 | N/A | 4.4 MEDIUM | An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function. |
| CVE-2024-29460 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-12 | N/A | 6.6 MEDIUM | An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. |
| CVE-2024-24254 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-05 | N/A | 4.2 MEDIUM | PX4 Autopilot 1.14 and earlier, due to the lack of a synchronization mechanism for loading geofence data, has a Race Condition vulnerability in geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes. |
| CVE-2024-24255 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-05-08 | N/A | 4.2 MEDIUM | A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. |
| CVE-2021-34125 | 2 Dronecode, Yuneec | 3 Px4 Drone Autopilot, Mantis Q, Mantis Q Firmware | 2025-02-28 | N/A | 7.5 HIGH | An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands. |
| CVE-2023-47625 | 1 Dronecode | 1 Px4 Drone Autopilot | 2024-11-21 | N/A | 2.9 LOW | PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.1 ... |
| CVE-2023-46256 | 1 Dronecode | 1 Px4 Drone Autopilot | 2024-11-21 | N/A | 4.4 MEDIUM | PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow, leading to unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized ... |
| CVE-2021-46896 | 1 Dronecode | 1 Px4 Drone Autopilot | 2024-11-21 | N/A | 7.5 HIGH | Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332. |