Lucene search
+L

84 matches found

NVD
NVD
added 2026/07/09 5:17 p.m.10 views

CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

9.6CVSS0.01775EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/09 4:14 p.m.5 views

EUVD-2026-42622

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS6.3AI score0.01775EPSS
Exploits1References5
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-56790

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

7.3CVSS0.00215EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/25 6:14 p.m.8 views

CVE-2026-56790 CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

7.3CVSS6.1AI score0.00215EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 6:14 p.m.17 views

CVE-2026-56790

CANBoat (up to version 6.22) contains an off-by-one global buffer overflow in analyzer/pgn.c:searchForPgn() that can crash the application when processing a crafted NMEA-2000 message with an out-of-range PGN sent over CAN bus or N2K-over-IP. The root cause is an out-of-bounds array access. The is...

7.3CVSS6.2AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52553

Name of the Vulnerable Software and Affected Versions CANBoat versions prior to 6.23 Description An off-by-one global buffer overflow exists in the searchForPgn function within the analyzer/pgn.c file. A remote attacker can trigger an out-of-bounds array access and cause a denial of service,...

7.3CVSS6.1AI score0.00215EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

7.5CVSS5.7AI score0.00307EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 6:31 p.m.11 views

EUVD-2026-28786

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

7.5CVSS6.1AI score0.00307EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/08 6:29 p.m.7 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the minmeascan function. An attacker can execute arbitrary code or cause a denial of service by supplying specially crafted NMEA input that leads to copying data into a buffer without proper size...

8.7CVSS6.3AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 4:16 p.m.15 views

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

7.5CVSS0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.33 views

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

minmea 安全漏洞

Minmea is a lightweight GPS data parsing library developed by Kosma Moczek. Version 0.3.0 of Minmea contains a security vulnerability. This vulnerability stems from the format specifier used in the minmeascan function, which copies NMEA field data into the buffer provided by the caller without...

7.5CVSS6AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.9 views

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

6.1AI score0.00307EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.6 views

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

7.5CVSS6.1AI score0.00307EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/21 5:17 p.m.7 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2026-39320 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2026-39320 Source advisory: OSV:GHSA-7GCJ-PHFF-2884...

7.5CVSS5.8AI score0.00427EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/03 9:42 p.m.7 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2026-33951 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2026-33951 Source advisory: OSV:GHSA-GFMV-VH34-H2X5...

7.5CVSS5.8AI score0.0031EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/03 9:37 p.m.7 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2026-33950 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2026-33950 Source advisory: OSV:GHSA-X8HC-FQV3-7GWF...

9.4CVSS5.8AI score0.00418EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/03 4:4 a.m.7 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2026-35038 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2026-35038 Source advisory: OSV:GHSA-QH3J-MRG8-F234...

6.5CVSS5.8AI score0.00308EPSS
Exploits1
OSV
OSV
added 2026/01/30 12:39 a.m.5 views

MGASA-2026-0028 Updated gpsd packages fix security vulnerabilities

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS6.1AI score0.00674EPSS
Exploits3References3
Mageia
Mageia
added 2026/01/30 12:39 a.m.12 views

Updated gpsd packages fix security vulnerabilities

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS6.1AI score0.00674EPSS
Exploits3References2
Rows per page
Query Builder