Helion Openstack HP Helion Openstack

Do you want an email whenever new security vulnerabilities are reported in HP Helion Openstack?

By the Year

In 2022 there have been 1 vulnerability in HP Helion Openstack with an average score of 7.8 out of ten. Helion Openstack did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 1 7.80
2021 0 0.00
2020 1 8.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Helion Openstack vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent HP Helion Openstack Security Vulnerabilities

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project

CVE-2019-3683 8.8 - High - January 17, 2020

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.

Incorrect Permission Assignment for Critical Resource

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which

CVE-2016-3710 8.8 - High - May 11, 2016

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Buffer Overflow

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response

CVE-2015-7547 8.1 - High - February 18, 2016

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for GNU Glibc or by HP? Click the Watch button to subscribe.

HP
Vendor

subscribe