Lucene search
K

217 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 10:58 p.m.6 views

CVE-2026-50221

A flaw was found in OpenStack Swift's proxy-server. Internal container update routing headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device are not stripped from client requests before being forwarded to object-servers. An authenticated user with write access can inje...

6.4CVSS5.9AI score0.00146EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-50221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device...

5.4CVSS6.2AI score0.00146EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 6:18 p.m.15 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS0.00146EPSS
Exploits1References4
OSV
OSV
added 2026/06/23 6:18 p.m.6 views

UBUNTU-CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS6AI score0.00146EPSS
Exploits1References4
OSV
OSV
added 2026/06/23 5:3 p.m.2 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS6.2AI score0.00146EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/23 5:3 p.m.36 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS0.00146EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/23 5:3 p.m.8 views

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS6AI score0.00146EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/23 5:3 p.m.8 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS6AI score0.00146EPSS
Exploits1
CVE
CVE
added 2026/06/23 5:3 p.m.32 views

CVE-2026-50221

CVE-2026-50221 affects OpenStack Swift prior to 2.37.2, where proxy-server fails to strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding to object-servers. An authenticated user with write access can inje...

5.4CVSS6AI score0.00146EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51572

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions prior to 2.37.2 Description The proxy-server fails to strip internal update headers from client requests before forwarding them to object-servers. An authenticated user with write access can inject the headers...

5.4CVSS6AI score0.00146EPSS
Exploits1References8
Fedora
Fedora
added 2026/06/19 1:10 a.m.16 views

[SECURITY] Fedora 43 Update: restic-0.19.0-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

9.8CVSS5.3AI score0.34734EPSS
Exploits4
Fedora
Fedora
added 2026/06/19 1:1 a.m.18 views

[SECURITY] Fedora 44 Update: restic-0.19.0-1.fc44

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

9.8CVSS5.3AI score0.34734EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.15 views

CVE-2026-49017

A flaw was found in OpenStack Swift. An authenticated attacker can exploit this vulnerability by sending a specially crafted, truncated aws-chunked PUT request body to the s3api middleware. This action causes an infinite loop within the StreamingInput class, leading to the affected proxy-server...

7.1CVSS5.3AI score0.00322EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-49017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInp...

7.1CVSS5.8AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 3:30 a.m.2 views

GHSA-G7JQ-J257-RWW2 OpenStack Swift: s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References7
OSV
OSV
added 2026/05/27 2:16 a.m.10 views

DEBIAN-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:16 a.m.14 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.00322EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:16 a.m.13 views

UBUNTU-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/27 2:16 a.m.20 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 1:57 a.m.10 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References3
Rows per page
Query Builder