
66 matches found

Chainguard
added 2026/05/06 7:17 p.m. | 8 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: chainloop-control-plane, step-fips, rke2-cloud-provider-fips, envoy-gateway, telegraf, dapr, zitadel, kube-bench, steampipe, juicefs, hydra-fips, ory-kratos-fips, flyte, grafana-fips, envoy-gateway-fips, opentelemetry-collector-contrib, goose-fips, step-issuer-fips,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00012
Exploits: 0

SUSE CVE
added 2026/03/20 12:24 a.m. | 1 view

SUSE CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

CVSS 9.1 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 3

UbuntuCve
added 2026/03/18 6:16 p.m. | 1 view

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

CVSS 9.1 | AI score 5.9 | EPSS 0.00018
Exploits: 1 | References: 4

Veracode
added 2026/03/14 5:28 a.m. | 3 views

SQL Injection

Glances is vulnerable to SQL Injection. The vulnerability is due to constructing SQL queries using string concatenation with unsanitized data in the TimescaleDB export module, where values are wrapped in quotes without proper escaping, allowing attacker-controlled inputs e.g., process names or...

CVSS 9.8 | AI score 6 | EPSS 0.00034
Exploits: 1 | References: 3 | Affected Software: 1

SUSE CVE
added 2026/03/11 4:15 p.m. | 1 view

SUSE CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 9.8 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 3

Tenable Nessus
added 2026/03/11 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-30930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation...

CVSS 9.8 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 2

OSV
added 2026/03/10 6:18 p.m. | 2 views

DEBIAN-CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 9.8 | AI score 5.7 | EPSS 0.00034
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/10 4:16 p.m. | 0 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 3

Cvelist
added 2026/03/10 4:16 p.m. | 24 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6 | EPSS 0.00034
Exploits: 1 | References: 3

AlpineLinux
added 2026/03/10 4:16 p.m. | 1 view

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 9.8 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 3

EUVD
added 2026/03/10 4:16 p.m. | 1 view

EUVD-2026-10542

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 3

OSV
added 2026/03/10 4:16 p.m. | 0 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 5

Debian CVE
added 2026/03/10 4:16 p.m. | 1 view

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 9.8 | AI score 5.7 | EPSS 0.00034
Exploits: 1

CNNVD
added 2026/03/10 12:0 a.m. | 1 view

glances SQL injection vulnerability

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.1 contained an SQL injection vulnerability. This vulnerability stemmed from the TimescaleDB export module using uncleaned data to construct SQL queries, which could lead to SQL injection attacks...

CVSS 9.8 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 4

Snyk
added 2026/03/09 7:51 p.m. | 2 views

SQL Injection

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to SQL Injection via the normalize function in the TimescaleDB export module, which constructs SQL queries using unsanitized system monitoring data such as process names, filesyst...

CVSS 9.8 | AI score 6.7 | EPSS 0.00034
Exploits: 1 | References: 2

OSV
added 2026/03/09 7:51 p.m. | 1 view

GHSA-X46R-MF5G-XPR6 Glances has SQL Injection via Process Names in TimescaleDB Export

Summary: The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as...

CVSS 8.6 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 5

Github Security Blog
added 2026/03/09 7:51 p.m. | 3 views

Glances has SQL Injection via Process Names in TimescaleDB Export

Summary: The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as...

CVSS 9.8 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/03/09 12:0 a.m. | 3 views

PT-2026-24168

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.1. Description: Glances, a cross-platform system monitoring tool, contains a flaw in its TimescaleDB export module. The module builds SQL queries by concatenating strings with unverified system monitoring data. The...

CVSS 9.8 | AI score 6.1 | EPSS 0.00034
Exploits: 1 | References: 17

SUSE CVE
added 2026/03/07 12:25 a.m. | 1 view

SUSE CVE-2026-29089

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the search_path setting to locate unqualified database objects (tables, functions, operators). If the search_path includes user-writable...

CVSS 8.8 | AI score 6.2 | EPSS 0.00025
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/06 10:20 p.m. | 1 view

CVE-2026-29089

A flaw was found in TimescaleDB, a time-series database extension for PostgreSQL. A malicious user can exploit this vulnerability by creating functions in user-writable schemas that shadow built-in PostgreSQL functions. During an extension upgrade, PostgreSQL's search_path setting, which determine...

CVSS 8.8 | AI score 6 | EPSS 0.00025
Exploits: 0 | References: 7