CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

Debian dsa-6315 : cyborg-agent - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6315 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6315-1 [email protected] https://www.debian.org/securit...

7.4CVSS5.9AI score0.00038EPSS

Exploits0References6

Debian•added 4 days ago•2 views

[SECURITY] [DSA 6315-1] cyborg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6315-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 31, 2026 https://www.debian.org/security/faq -...

7.4CVSS5.8AI score0.00038EPSS

Exploits0

EUVD•added 2026/05/08 12:31 a.m.•1 views

EUVD-2026-28456

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

6.3CVSS5.8AI score0.00037EPSS

Exploits0References3

OSV•added 2026/05/08 12:31 a.m.•0 views

GHSA-MMPC-XJXR-5HF8 OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer

6.3CVSS5.8AI score0.00037EPSS

Exploits0References5

Github Security Blog•added 2026/05/08 12:31 a.m.•4 views

OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer

6.3CVSS5.8AI score0.00037EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/08 12:31 a.m.•2 views

GHSA-MM7J-MHHJ-HJ36 OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00038EPSS

Exploits0References5

Github Security Blog•added 2026/05/08 12:31 a.m.•3 views

OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

7.4CVSS5.9AI score0.00038EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/08 12:31 a.m.•2 views

EUVD-2026-28455

7.4CVSS5.9AI score0.00038EPSS

Exploits0References3

Tenable Nessus•added 2026/05/08 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40214

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is neve...

6.3CVSS5.9AI score0.00037EPSS

Exploits0References2

Tenable Nessus•added 2026/05/08 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carryi...

7.4CVSS6AI score0.00038EPSS

Exploits0References2