Nicolargo

Glances

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2026-35588

  • EPSS 0.02%
  • Veröffentlicht 20.04.2026 23:20:34
  • Zuletzt bearbeitet 21.04.2026 16:20:24

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values dir...

7.3

CVE-2026-35587

  • EPSS 0.04%
  • Veröffentlicht 20.04.2026 23:19:02
  • Zuletzt bearbeitet 21.04.2026 16:20:24

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The valu...

7.7

CVE-2026-34839

  • EPSS 0.06%
  • Veröffentlicht 20.04.2026 23:09:02
  • Zuletzt bearbeitet 21.04.2026 20:16:57

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due to a permis...

7.8

CVE-2026-33641

Exploit
  • EPSS 0.02%
  • Veröffentlicht 02.04.2026 14:57:51
  • Zuletzt bearbeitet 07.04.2026 14:59:46

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavi...

6.5

CVE-2026-33533

Exploit
  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:56:38
  • Zuletzt bearbeitet 07.04.2026 15:01:52

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XML-RPC handl...

8.1

CVE-2026-32634

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.03.2026 17:55:30
  • Zuletzt bearbeitet 19.03.2026 19:03:47

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection U...

9.1

CVE-2026-32633

Exploit
  • EPSS 0.07%
  • Veröffentlicht 18.03.2026 17:53:11
  • Zuletzt bearbeitet 19.03.2026 19:04:46

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList.get_servers_list()`. Those objects are mutated in-...

5.9

CVE-2026-32632

Exploit
  • EPSS 0.02%
  • Veröffentlicht 18.03.2026 17:47:25
  • Zuletzt bearbeitet 19.03.2026 19:06:36

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary `Host` headers and does...

9.1

CVE-2026-32611

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.03.2026 17:21:18
  • Zuletzt bearbeitet 19.03.2026 19:11:13

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and `psycopg.sql` composable ob...

8.1

CVE-2026-32610

Exploit
  • EPSS 0.03%
  • Veröffentlicht 18.03.2026 16:31:12
  • Zuletzt bearbeitet 21.03.2026 00:16:56

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined with `allow_credentials=True`. When both of thes...