398 matches found
CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
CVE-2023-36812
OpenTSDB (2.4.1 affected; patched in 2.4.2) has a Remote Code Execution vulnerability (CVE-2023-36812) caused by writing user-controlled input to a Gnuplot configuration file and executing Gnuplot. The issue enables unauthenticated remote code execution via crafted requests, and is evidenced by p...
CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...
PT-2023-25703 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.2 Description: OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to the Gnuplot configuration file and running Gnuplot with the generated configuration. The issue has been patched ...
Amazon Linux 2023 : gnuplot-common, gnuplot-latex, gnuplot-minimal (ALAS2023-2023-202)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-202 advisory. A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash. CVE-2021-44917 Tenable has extracted the...
Low: gnuplot
Issue Overview: A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash. CVE-2021-44917 Affected Packages: gnuplot Issue Correction: Run dnf update gnuplot --releasever 2023.0.20230607 or dnf upda...
Critical Photon OS Security Update - PHSA-2023-3.0-0578
Updates of 'runc', 'gnuplot', 'mysql', 'open-iscsi', 'cloud-init', 'etcd' packages of Photon OS have been released...
Command Injection
@stoqey/gnuplot is vulnerable to Command Injection. The vulnerability exists due to improper user-input sanitization in the plotCallack function of index.ts, which allows an attacker to execute arbitrary commands on the OS...
stoqey/gnuplot is vulnerable to command injection
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
GHSA-795W-7426-M94J stoqey/gnuplot is vulnerable to command injection
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
CVE-2021-33360
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
CVE-2021-33360
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
Design/Logic Flaw
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
CVE-2021-33360
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
CVE-2021-33360
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
gnuplot 安全漏洞
gnuplot is an interactive command-line tool that allows users to convert data and data functions into easy-to-see flat or three-dimensional graphics by entering commands. A security vulnerability exists in Stoqey gnuplot 0.0.3 and earlier versions, which can be exploited to execute arbitrary code...
CVE-2021-33360
CVE-2021-33360 affects Stoqey gnuplot v0.0.3 and earlier. The issue allows an attacker to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameters, with the NVD metrics indicating a CRITICAL impact (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8). A...
SUSE CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors...
SUSE CVE-2017-9670
An uninitialized stack variable vulnerability in loadticseries in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service Segmentation fault and Memory Corruption or possibly have unspecified other impact when a victim opens a specially crafted file...