398 matches found
Double free
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution...
CVE-2020-25559
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution...
CVE-2020-25559
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution...
CVE-2020-25559
CVE-2020-25559 affects gnuplot, where a double free during print_set_output can lead to context-dependent arbitrary code execution. Connected advisories confirm the issue in gnuplot 5.5 and note memory-management problems related to print_set_output, with some sources indicating the vulnerability...
CVE-2020-25559
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution...
PT-2020-16110 · Gnu +5 · Gnuplot +5
Name of the Vulnerable Software and Affected Versions: gnuplot version 5.5 Description: The issue is related to a double free error when executing the function to set output. This error may lead to arbitrary code execution, depending on the context in which it is exploited. Recommendations: For...
PT-2020-16080 · Gnu +4 · Gnuplot +4
Name of the Vulnerable Software and Affected Versions: gnuplot version 5.4 Description: The issue is related to the com_line function in command.c which leads to an out-of-bounds write from strncpy, potentially resulting in arbitrary code execution. Recommendations: For gnuplot version 5.4,...
Command Injection in gnuplot
All versions of gnuplot are vulnerable to Command Injection. The package fails to sanitize plot titles, which may allow attackers to execute arbitrary code in the system if the title value is supplied by a user. The following proof-of-concept creates a testing file in the current directory: var...
luggage (=0.0.3), unicorn-tears (>=0.0.1 <=0.0.2) +1 more potentially affected by unknown CVE via gnuplot (>=0.2.0 <=0.3.1)
gnuplot NPM version =0.2.0, =0.0.1, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-CFWC-XJFP-44JG...
GHSA-CFWC-XJFP-44JG Command Injection in gnuplot
All versions of gnuplot are vulnerable to Command Injection. The package fails to sanitize plot titles, which may allow attackers to execute arbitrary code in the system if the title value is supplied by a user. The following proof-of-concept creates a testing file in the current directory: var...
Huawei EulerOS: Security Advisory for gnuplot (EulerOS-SA-2020-1851)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : gnuplot (EulerOS-SA-2020-1851)
According to the versions of the gnuplot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary...
SUSE SLES12 Security Update : gnuplot (SUSE-SU-2020:1660-1)
This update for gnuplot fixes the following issues : Following security issues were fixed : CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463) CVE-2018-19491: Fixed a buffer overflow in the PS_options function (bsc#1117464) CVE-2018-19490: Fixed a heap-based buffer overflow...
SUSE-SU-2020:1660-1 Security update for gnuplot
This update for gnuplot fixes the following issues: Following security issues were fixed: - CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463) - CVE-2018-19491: Fixed a buffer overflow in the PS_options function (bsc#1117464) - CVE-2018-19490: Fixed a heap-based buffer...
Command Injection
Overview All versions of gnuplot are vulnerable to Command Injection. The package fails to sanitize plot titles, which may allow attackers to execute arbitrary code in the system if the title value is supplied by a user. The following proof-of-concept creates a testing file in the current...
CVE-2019-2820
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Gnuplot. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise...
CVE-2019-2820
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Gnuplot. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise...
Design/Logic Flaw
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Gnuplot. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise...
CVE-2019-2820
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Gnuplot. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise...
CVE-2019-2820
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Gnuplot. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise...