7799 matches found

EUVD
added 2026/05/14 12:0 a.m., 8 views

EUVD-2026-30209

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVSS 4.3, AI score 5.8, EPSS 0.00466
Exploits: 1, References: 2

ATTACKERKB
added 2026/05/14 12:0 a.m., 5 views

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVSS 4.3, AI score 5.8, EPSS 0.00466
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2026/05/14 12:0 a.m., 9 views

PT-2026-40843

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to a3f6d73. Description: An infinite loop can occur during image handling when checksum calculations are performed using the 'file:///dev/zero' URL. Recommendations: Update to version a3f6d73 or later...

CVSS 4.3, AI score 5.8, EPSS 0.00466
Exploits: 1, References: 9

Vulnrichment
added 2026/05/14 12:0 a.m., 4 views

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVSS 4.3, AI score 5.8, EPSS 0.00466
Exploits: 1, References: 3

Cvelist
added 2026/05/14 12:0 a.m., 34 views

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVSS 4.3, EPSS 0.00466
Exploits: 1, References: 3

CNNVD
added 2026/05/14 12:0 a.m., 7 views

OpenStack Ironic Security Vulnerability

OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. OpenStack Ironic versions 35.x and earlier contained a security vulnerability caused by an infinite loop in the...

CVSS 4.3, AI score 5.8, EPSS 0.00466
Exploits: 1, References: 1

CVE
added 2026/05/14 12:0 a.m., 12 views

CVE-2026-44919

OpenStack Ironic (through 35.x before a3f6d73) is affected. During image handling, an infinite loop can occur in checksum calculations when processing file:///dev/zero, potentially impacting availability (CVSS 3.1 base score 4.3). The root cause is in the image handling/checksum path; no exploita...

CVSS 6.5, AI score 5.8, EPSS 0.00466
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2026/05/14 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-44919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVSS 6.5, AI score 5.4, EPSS 0.00466
Exploits: 1, References: 3

Debian CVE
added 2026/05/14 12:0 a.m., 7 views

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVSS 6.5, AI score 5.8, EPSS 0.00466
Exploits: 1

RedhatCVE
added 2026/05/08 12:14 p.m., 8 views

CVE-2026-43003

A flaw was found in OpenStack ironic-python-agent (IPA). The Ironic Python Agent sometimes executes the grub-install command from within a chroot environment of a deployed partition image. This allows an attacker, by providing a malicious image, to achieve arbitrary code execution within the system...

CVSS 8.5, AI score 6.1, EPSS 0.00639
Exploits: 0, References: 5

EUVD
added 2026/05/08 9:31 a.m., 17 views

EUVD-2026-28531

In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, AI score 5.8, EPSS 0.00336
Exploits: 0, References: 2

NVD
added 2026/05/08 7:16 a.m., 21 views

CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, EPSS 0.00336
Exploits: 0, References: 3

UbuntuCve
added 2026/05/08 7:16 a.m., 5 views

CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, AI score 5.8, EPSS 0.00336
Exploits: 0, References: 3

OSV
added 2026/05/08 7:16 a.m., 3 views

UBUNTU-CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, AI score 5.8, EPSS 0.00336
Exploits: 0, References: 4

Cvelist
added 2026/05/08 6:38 a.m., 46 views

CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, EPSS 0.00336
Exploits: 0, References: 2

Vulnrichment
added 2026/05/08 6:38 a.m., 6 views

CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, AI score 5.8, EPSS 0.00336
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/08 6:38 a.m., 3 views

CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, AI score 5.8, EPSS 0.00336
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/05/08 6:38 a.m., 14 views

CVE-2026-44916

CVE-2026-44916 affects OpenStack Ironic up to version 35.x, where rendering of instance_info['ks_template'] occurs without sandboxing. The root cause is the lack of sandboxing during template rendering, which can expose sensitive information or enable unintended behavior within the template execu...

CVSS 3, AI score 5.8, EPSS 0.00336
Exploits: 0, References: 3, Affected Software: 1

Debian CVE
added 2026/05/08 6:38 a.m., 5 views

CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...

CVSS 3, AI score 5.8, EPSS 0.00336
Exploits: 0

EUVD
added 2026/05/08 12:31 a.m., 5 views

EUVD-2026-28456

In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

CVSS 6.3, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 3