Lucene search
K

8 matches found

EUVD
EUVD
added 2026/05/05 9:31 p.m.10 views

EUVD-2026-27428

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 7:16 p.m.9 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS0.0044EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.6 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/05 12:0 a.m.16 views

CVE-2026-42997

CVE-2026-42997 affects iDRAC in OpenStack Ironic (pre-35.0.1). During import, a user invoking molds can trigger authorization to a remote endpoint, forwarding a credential: either a time-limited Keystone token (granting access to all services Ironic is authorized for) or basic credentials for mol...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.39 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS0.0044EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.5 views

Arista Networks CloudVision Portal 安全漏洞

Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...

8.7CVSS6.8AI score0.00514EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/08/29 3:29 p.m.2 views

CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

5.9CVSS5.5AI score0.0125EPSS
Exploits0References4
OSV
OSV
added 2017/08/29 3:29 p.m.3 views

DEBIAN-CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

5.9CVSS9.3AI score0.0125EPSS
Exploits0References1
Rows per page
Query Builder