Hp Helion Openstack vulnerabilities

5 known vulnerabilities affecting hp/helion_openstack.

Total CVEs

5

CISA KEV

0

Public exploits

2

Exploited in wild

0

Severity breakdown

HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2022-27239HIGHCVSS 7.8v8.02022-04-27

CVE-2022-27239 [HIGH] CWE-787 CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-li In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2019-3683HIGHCVSS 8.8v8.02020-01-17

CVE-2019-3683 [HIGH] CWE-732 CVE-2019-3683: The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00 The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.

CVE-2016-3710HIGHCVSS 8.8v2.0.0v2.1.0+2 more2016-05-11

CVE-2016-3710 [HIGH] CWE-119 CVE-2016-3710: The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which a The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

CVE-2016-2107MEDIUMCVSS 5.9PoCv2.0.0v2.1.0+2 more2016-05-05

CVE-2016-2107 [MEDIUM] CVE-2016-2107: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

CVE-2015-7547HIGHCVSS 8.1PoCv1.1.1v2.0.0+1 more2016-02-18

CVE-2015-7547 [HIGH] CWE-119 CVE-2015-7547: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or A