410 matches found
CVE-2026-58459
A flaw was found in gpsd, a service application that monitors one or more GPSes or AIS receivers. The gpsprof utility is vulnerable to a command injection. An attacker who can control the GPS device subtype value can embed malicious commands within the gnuplot plot title. When a user processes a...
Linux Distros Unpatched Vulnerability : CVE-2026-58459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device...
DEBIAN-CVE-2026-58459
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
CVE-2026-58459
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
CVE-2026-58459
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
CVE-2026-58459 gpsd gpsprof Command Injection via gnuplot plot title subtype field
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
CVE-2026-58459 gpsd gpsprof Command Injection via gnuplot plot title subtype field
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
EUVD-2026-42622
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
CVE-2026-58459
CVE-2026-58459 affects gpsd (through release-3.27.5) with a command injection in the gpsprof workflow. The subtype value of the GPS device (sourced from a DEVICES JSON log entry or NMEA PGRMT sentence) is written into a generated gnuplot program via a set title statement that escapes only double ...
CVE-2026-58459
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
JLSEC-2026-355
A flaw was found in gnuplot. The plot3dpoints function may lead to a segmentation fault and cause a system crash...
JLSEC-2026-359
A flaw was found in gnuplot. The X11graphics function may lead to a segmentation fault and cause a system crash...
JLSEC-2026-357
A flaw was found in gnuplot. The xstrftime function may lead to a segmentation fault, causing a system crash...
JLSEC-2026-358
A flaw was found in gnuplot. The CANVAStext function may lead to a segmentation fault and cause a system crash...
JLSEC-2026-356
A flaw was found in gnuplot. The GetAnnotateString function may lead to a segmentation fault and cause a system crash...
CVE-1999-0409
Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access...
ROS-20251216-7306
Vulnerability in gnuplot related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20251216-7304
Vulnerability in gnuplot related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251216-7305
Vulnerability in gnuplot related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251216-7312
Vulnerability in gnuplot related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...