Lucene search
K

234 matches found

SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.11 views

SUSE CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

8.1CVSS5.2AI score0.00601EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.10 views

CVE-2026-48681

A flaw was found in OpenStack Ironic before 35.0.2. A directory traversal vulnerability during deployment allows an attacker to overwrite files on the system when a crafted ISO image is used. This can compromise confidentiality and integrity of files on the deployment target...

8.1CVSS5.4AI score0.00601EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.13 views

SUSE CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00433EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.14 views

EUVD-2026-34774

In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.8AI score0.00433EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 12:17 a.m.14 views

DEBIAN-CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 12:17 a.m.15 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS0.00433EPSS
Exploits0References6
OSV
OSV
added 2026/06/05 12:17 a.m.8 views

UBUNTU-CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack software. It is used to configure bare machines rather than virtual machines. There were security vulnerabilities in versions 32 to 37.0.0 of OpenStack Ironic. These vulnerabilities stemmed from unverified malicious users being able to submit specially...

7.5CVSS5.3AI score0.00433EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-50589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and...

7.5CVSS5.4AI score0.00433EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:59 p.m.8 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00433EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/04 11:59 p.m.8 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00433EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 11:59 p.m.48 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS0.00433EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:59 p.m.35 views

CVE-2026-50589

In the provided documents, CVE-2026-50589 affects OpenStack Ironic 32 prior to 37.0.0. The underlying issue is that an unauthenticated malicious user can submit a crafted JSON string to certain API/JSON-RPC endpoints, leading to a service crash. The reports consistently reference the same conditi...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/06/04 11:59 p.m.10 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS5.5AI score0.00433EPSS
Exploits0
OSV
OSV
added 2026/06/04 11:59 p.m.4 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS6AI score0.00433EPSS
Exploits0References9
NVD
NVD
added 2026/06/04 4:17 a.m.12 views

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

8.1CVSS0.00601EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 4:17 a.m.11 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 12:30 a.m.17 views

EUVD-2026-34181

OpenStack Ironic through 35.0.x allows Boot Script Injection...

5.8AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.13 views

CVE-2026-42997

A flaw was found in OpenStack Ironic. During the import process, a user invoking molds can request that authorization credentials be sent to a remote endpoint. This can lead to the disclosure of a time-limited Keystone token, which grants access to OpenStack services Ironic is authorized for, or...

7.7CVSS5.7AI score0.0044EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.11 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00283EPSS
Exploits0References2
Rows per page
Query Builder