[Git][security-tracker-team/security-tracker][master] Add CVE-2025-44021/ironic

Thu May 8 21:44:31 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffc3aae9 by Salvatore Bonaccorso at 2025-05-08T22:44:09+02:00
Add CVE-2025-44021/ironic

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,10 @@ CVE-2025-45787 (TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viat
 CVE-2025-44023 (An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allow ...)
 	NOT-FOR-US: D-Link
 CVE-2025-44021 (OpenStack Ironic before 29.0.1 can write unintended files to a target  ...)
-	TODO: check
+	- ironic <unfixed>
+	NOTE: https://bugs.launchpad.net/ironic/+bug/2107847
+	NOTE: https://security.openstack.org/ossa/OSSA-2025-001.html
+	NOTE: https://www.openwall.com/lists/oss-security/2025/05/08/1
 CVE-2025-41450 (Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This  ...)
 	NOT-FOR-US: Danfoss
 CVE-2025-40846 (Improper Input Validation, the returnUrl parameter in Account Security ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffc3aae9c0e97a2ff3e1016693f6586862cd67a4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffc3aae9c0e97a2ff3e1016693f6586862cd67a4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250508/2a043fec/attachment.htm>
