28 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-35588
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py...
EUVD-2026-23992
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values...
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Summary The Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write access to glances.conf can redirect all monitoring data to an attacker-controlle...
GHSA-GRP3-H8M8-45P7 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Summary The Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write access to glances.conf can redirect all monitoring data to an attacker-controlle...
CVE-2026-35588
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...
DEBIAN-CVE-2026-35588
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...
CVE-2026-35588
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...
CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...
EUVD-2001-0988
Malware in sbrugna...
EUVD-2023-1221
Malicious code in bioql PyPI...
CVE-2025-48372
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password OTP. Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range 1000–9999 results in only 9000 possible combinations...
CVE-2025-48372 Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password OTP. Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range 1000–9999 results in only 9000 possible combinations...
CVE-2025-48372 Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password OTP. Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range 1000–9999 results in only 9000 possible combinations...
BIT-SCYLLADB-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...
CVE-2023-33972
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...
CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...
CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...
PT-2023-5666 · Scylladb · Scylladb
Name of the Vulnerable Software and Affected Versions: Scylladb affected versions not specified Description: The issue is related to errors in privilege management in the NoSQL database management system Scylladb. Exploitation of this issue may allow a remote attacker to escalate their privileges...
CVE-2023-29194
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...
AZL-26295 CVE-2023-29194 affecting package vitess for versions less than 16.0.2-1
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...