Lucene search
K

6 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS0.00303EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 6:4 p.m.36 views

CVE-2026-46607

CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 6:4 p.m.33 views

CVE-2026-46607 Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:4 p.m.3 views

CVE-2026-46607 Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.6AI score0.00303EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/22 9:21 p.m.7 views

Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution

Summary glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...

7.8CVSS6.6AI score0.00303EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/22 9:21 p.m.4 views

GHSA-9837-48HR-Q32J Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution

Summary glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...

7.8CVSS6.6AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder