386 matches found
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fixed error handling for devmregmapinitmmio. devmregmapinitmmio returns ERRPTR if it fails, instead of returning NULL. The original code checked for NULL, which would never trigger in case of errors, potentially...
EUVD-2026-28455
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
GHSA-MM7J-MHHJ-HJ36 OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
DEBIAN-CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
UBUNTU-CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
SUSE CVE-2026-43008
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an ERRPTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invalid point...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 is affected by CVE-2026-40213. The issue arises from a default policy rule (rule:allow with check_str='@') applied to multiple API endpoints, which unconditionally authorizes any request bearing a valid Keystone token regardless of user roles, project membership, or...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
PT-2026-38596
Name of the Vulnerable Software and Affected Versions OpenStack Cyborg versions prior to 16.0.1 Description Multiple API endpoints use rule:allow check str='@' as the default policy, which unconditionally authorizes any request containing a valid Keystone token. This occurs regardless of the user...
Linux Distros Unpatched Vulnerability : CVE-2026-43008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an...
CVE-2026-43008
A flaw was found in the Linux kernel's qixis-fpga driver. This vulnerability is due to incorrect error handling when initializing memory-mapped I/O Input/Output regions. An attacker could potentially exploit this flaw by triggering an error condition, which may lead to an invalid pointer...
CVE-2026-43008
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an ERRPTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invalid point...
CVE-2026-43008 gpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio()
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an ERRPTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invalid point...
CVE-2026-43008
CVE-2026-43008 affects the Linux kernel gpio: qixis-fpga driver. The issue is incorrect error handling in devm_regmap_init_mmio(): it returns ERR_PTR() on failure, but code checked for NULL, risking invalid pointer dereference. Mitigation: patch uses IS_ERR() and PTR_ERR() to handle errors correc...