Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-grp3-h8m8-45p7
  • PyPI/glances
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values 21 Apr
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-g5pq-48mj-jvw8
  • PyPI/glances
Glances has SSRF in IP Plugin via public_api leading to credential leakage 21 Apr
  • Fix available
  • Severity - 7.3 (High)
GHSA-gfc2-9qmw-w7vh
  • PyPI/glances
Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS 21 Apr
  • Fix available
  • Severity - 7.1 (High)
GHSA-qhj7-v7h7-q4c7
  • PyPI/glances
Glances Vulnerable to Command Injection via Dynamic Configuration Values 30 Mar
  • Fix available
  • Severity - 7.8 (High)
GHSA-7p93-6934-f4q7
  • PyPI/glances
Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard 30 Mar
  • Fix available
  • Severity - 7.1 (High)
GHSA-vx5f-957p-qpvm
  • PyPI/glances
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers 16 Mar
  • Fix available
  • Severity - 8.1 (High)
GHSA-r297-p3v4-wp8m
  • PyPI/glances
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` 16 Mar
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-hhcg-r27j-fhv9
  • PyPI/glances
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding 16 Mar
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-49g7-2ww7-3vf5
  • PyPI/glances
Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements 16 Mar
  • Fix available
  • Severity - 7.0 (High)
GHSA-9jfm-9rc6-2hfq
  • PyPI/glances
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft 16 Mar
  • Fix available
  • Severity - 8.1 (High)
GHSA-cvwp-r2g2-j824
  • PyPI/glances
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials 16 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-vcv2-q258-wrg7
  • PyPI/glances
Glances has a Command Injection via Process Names in Action Command Templates 16 Mar
  • Fix available
  • Severity - 7.0 (High)
GHSA-wvxv-4j8q-4wjq
  • PyPI/glances
Glances exposes the REST API without authentication 16 Mar
  • Fix available
  • Severity - 8.7 (High)
GHSA-x46r-mf5g-xpr6
  • PyPI/glances
Glances has SQL Injection via Process Names in TimescaleDB Export 09 Mar
  • Fix available
  • Severity - 7.3 (High)
GHSA-gh4x-f7cq-wwx6
  • PyPI/glances
Glances Exposes Unauthenticated Configuration Secrets 09 Mar
  • Fix available
  • Severity - 8.7 (High)
GHSA-r2mj-8wgq-73m6
  • PyPI/glances
XML External Entity Reference in Glances 09 Aug 2021
  • Fix available
  • Severity - 5.3 (Medium)