7 matches found
CVE-2026-30930
CVE-2026-30930 affects Glances prior to version 4.5.1. The TimescaleDB export module builds SQL queries by concatenating unsanitized system-monitoring data. The normalize() function wraps values in single quotes but does not escape embedded quotes, allowing SQL injection via attacker-controlled d...
EUVD-2026-10542
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
SUSE CVE-2010-1759
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the Node.normalize method...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...