19 matches found
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
EUVD-2026-42781
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-54423
OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...
CVE-2026-54423
A malicious user with access to deploy a node directly via Ironic can specify the IPMI sendraw deployment step with a malicious payload and send commands to that nodes' BMC. IPMI sendraw capability is exposed multiple ways, including via VendorPassthru interfaces restricted to system admin and...
CVE-2026-25529
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
CVE-2026-25529
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
CVE-2026-25529 Postal has HTML injection / XSS in message view
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
CVE-2026-25529
Postal is an open source SMTP server. CVE-2026-25529 affects versions before 3.3.5, where unescaped data could be injected into the admin interface, primarily via the API’s send/raw method. This HTML injection could permit arbitrary HTML and potentially unauthorised JavaScript execution in the ad...
EUVD-2026-11603
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
CVE-2026-25529 Postal has HTML injection / XSS in message view
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
CVE-2026-25529 Postal has HTML injection / XSS in message view
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
Postal 跨站脚本漏洞
Postal is a complete and fully functional email server developed by Postal OpenSource. It is used for websites and web servers. Versions of Postal prior to 3.3.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the send/raw method in the API, which allowed unescaped...
PT-2026-25008
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003316)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003316 advisory. An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacsendrawsrb...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002297 advisory. The aacsendrawsrb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local...
CVE-2020-27045
In CESendRawFrame of cemain.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
CVE-2020-27045
In CESendRawFrame of cemain.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
CVE-2020-27048
In RWSendRawFrame of rwmain.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...