Lucene search
K

221 matches found

CVE
CVE
added 2026/06/04 11:59 p.m.33 views

CVE-2026-50589

In the provided documents, CVE-2026-50589 affects OpenStack Ironic 32 prior to 37.0.0. The underlying issue is that an unauthenticated malicious user can submit a crafted JSON string to certain API/JSON-RPC endpoints, leading to a service crash. The reports consistently reference the same conditi...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 11:59 p.m.8 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00433EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 11:59 p.m.45 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS0.00433EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/04 11:59 p.m.9 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS5.5AI score0.00433EPSS
Exploits0
NVD
NVD
added 2026/06/04 4:17 a.m.12 views

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

8.1CVSS0.00601EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 4:17 a.m.10 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 12:30 a.m.15 views

EUVD-2026-34181

OpenStack Ironic through 35.0.x allows Boot Script Injection...

5.8AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.13 views

CVE-2026-42997

A flaw was found in OpenStack Ironic. During the import process, a user invoking molds can request that authorization credentials be sent to a remote endpoint. This can lead to the disclosure of a time-limited Keystone token, which grants access to OpenStack services Ironic is authorized for, or...

7.7CVSS5.7AI score0.0044EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/04 12:0 a.m.35 views

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

5.9CVSS0.00601EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.8 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/04 12:0 a.m.11 views

EUVD-2026-34203

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

8.1CVSS5.8AI score0.00601EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.8 views

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

5.9CVSS5.8AI score0.00601EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46840

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions 32 through 35.0.1 Description An unauthenticated malicious user can cause a service crash by submitting a crafted JSON string to certain endpoints on the API or JSON-RPC service. Recommendations Update OpenStack Ironi...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.25 views

PT-2026-46139

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description An issue exists where a crafted ISO image can lead to file overwrite via directory traversal during the deployment process. Directory traversal is a technique that allows an attacker to...

8.1CVSS5.4AI score0.00601EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/04 12:0 a.m.14 views

EUVD-2026-34202

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00283EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 12:0 a.m.20 views

CVE-2026-48681

OpenStack Ironic versions before 35.0.2 are affected by a vulnerability that allows file overwrite via directory traversal during deployment when processing a crafted ISO image. The issue concerns the deployment phase’s handling of ISO content, enabling unintended filesystem writes. Public source...

8.1CVSS5.8AI score0.00601EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/04 12:0 a.m.20 views

CVE-2026-44917

OpenStack Ironic (prior to 35.0.2) is vulnerable to an information-disclosure issue where a malicious authenticated project admin or manager can read local files on the Ironic conductor via a pxe_template. This CVE is documented across multiple sources (OpenStack Ironic, Debian tracker, CVE lists...

4.9CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.6 views

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

5.9CVSS5.8AI score0.00601EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.10 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 12:0 a.m.40 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS0.00283EPSS
Exploits0References2
Rows per page
Query Builder