7716 matches found
PT-2026-46138
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe template...
CVE-2026-46447
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...
PT-2026-46066
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description An issue allows Boot Script Injection of an iPXE script, which is a network boot firmware used to boot computers from a network. This occurs if an attacker is able to set the node.driver in...
CVE-2026-46447
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...
CVE-2026-46447
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...
Linux Distros Unpatched Vulnerability : CVE-2026-46447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo. CVE-2026-46447 Note...
CVE-2026-46447
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...
CVE-2026-46447
OpenStack Ironic
[SECURITY] [DLA 4611-1] keystone security update
Debian LTS Advisory DLA-4611-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón May 31, 2026 https://wiki.debian.org/LTS Package : keystone Version : 2:18.1.0-1+deb11u3 CVE ID : CVE-2026-33551 CVE-2026-40683 CVE-2026-42998 CVE-2026-42999 CVE-2026-43000...
Debian dla-4611 : keystone - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4611 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4611-1 [email protected]...
EUVD-2026-33074
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...
CVE-2026-42999
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...
Linux Distros Unpatched Vulnerability : CVE-2026-42998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in...
Linux Distros Unpatched Vulnerability : CVE-2026-44394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to...
Linux Distros Unpatched Vulnerability : CVE-2026-42999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body...
Linux Distros Unpatched Vulnerability : CVE-2026-49299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single- tag write operations while the defined policy rules us...
CVE-2026-42998
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...
DEBIAN-CVE-2026-49299
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...
CVE-2026-49299
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...
UBUNTU-CVE-2026-49299
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...