Helion Openstack

helion_openstack

Vendor: Hp • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27239 5Debian FedoraprojectHp+2 more 19Caas Platform Cifs UtilsDebian Linux+16 more Nov 21, 2024 Apr 27, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2019-3683 2Hp Suse 3Helion Openstack Keystone Json AssignmentOpenstack Cloud Nov 21, 2024 Jan 17, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to...Show more The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.Show less
CVE-2016-3710 7Canonical CitrixDebian+4 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 May 11, 2016 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the ban...Show more The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.Show less
CVE-2016-2107 8Canonical DebianGoogle+5 more 15Android Debian LinuxEnterprise Linux Desktop+12 more May 6, 2026 May 5, 2016 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a...Show more The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.Show less
CVE-2015-7547 10Canonical DebianF5+7 more 30Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+27 more May 6, 2026 Feb 18, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash...Show more Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.Show less