39 matches found
CVE-2026-46608
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...
GHSA-W856-8P3R-P338 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Summary The Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protectio...
Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Summary The Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protectio...
EUVD-2005-1994
Malware in sbrugna...
EUVD-2005-2114
Malware in sbrugna...
USN-6891-1 python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. CVE-2015-20107 It was discovered that Python incorrectly used regular expressions vulnerable to...
CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
DEBIAN-CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
UBUNTU-CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
SUSE: Security Advisory (SUSE-SU-2012:0642-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : php Multiple Vulnerabilities (NS-SA-2020-0059)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has php packages installed that are affected by multiple vulnerabilities: - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HT...
PT-2020-5780 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to a lack of privilege management mechanism in the wp-includes/class-wp-xmlrpc-server.php component of the WordPress content management system. This allows attackers to gain...
FreeBSD : python 3.7 -- multiple vulnerabilities (9b7491fb-f253-11e9-a50c-000c29c4dc65)
Python changelog : bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an...
DEBIAN-CVE-2019-16935
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If setservertitle is called with untrusted input, arbitrary...
PT-2019-5583 · Python +10 · Python +10
Name of the Vulnerable Software and Affected Versions: Python versions 2.7.16 and earlier, 3.x through 3.6.9, and 3.7.x through 3.7.4 Description: The issue is related to the documentation XML-RPC server in Python, which is vulnerable to cross-site scripting XSS attacks via the server title field...
python 3.7 -- multiple vulnerabilities
Python changelog: bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an infini...
EulerOS Virtualization 2.5.3 : php (EulerOS-SA-2019-1264)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based...