These are security advisories for all HP Helion Eucalyptus products.

Last updated Advisory CVEs Affected products Description Severity
2015-07-29 ESA-32 CVE-2015-5040 HP Helion Eucalyptus 4.1.1 and earlier Reserved to announce a new security problem Moderate
2015-05-15 ESA-31 CVE-2015-3456 HP Helion Eucalyptus 4.1.1 and earlier The VENOM Vulnerability in QEMU/KVM Important
2015-03-06 ESA-30 CVE-2015-0204 The FREAK Vulnerability in OpenSSL Informational
2015-01-30 ESA-29 CVE-2015-0235 HP Helion Eucalyptus 4.0.2 and earlier The GHOST Vulnerability in Glibc Critical
2014-11-03 ESA-27 CVE-2014-5039 Eucalyptus Management Console 4.0.1 XSS in the Eucalyptus Management Console Critical
2014-11-03 ESA-26 CVE-2014-5038 HP Helion Eucalyptus 3.0.0 to HP Helion Eucalyptus 4.0.1 Sensitive Information in the HP Helion Eucalyptus Log Files Low
2014-11-03 ESA-25 CVE-2014-5037 HP Helion Eucalyptus 4.0.0 to HP Helion Eucalyptus 4.0.1 Sensitive Information in the Eucalyptus Requests Log Moderate
2014-10-22 ESA-28 CVE-2014-3566 Eucalyptus Management Console, HP Helion Eucalyptus 4.0 The POODLE Attack Important
2014-10-04 ESA-24 CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 The Shellshock Bash Vulnerability Informational
2014-08-27 ESA-23 CVE-2014-5036 HP Helion Eucalyptus 3.4.2 to 4.0.0 Sensitive Information in HP Helion Eucalyptus Log Files Low
2014-08-27 ESA-22 CVE-2013-4770 Eucalyptus Management Console 4.0.0 XSS in the Eucalyptus Management Console Critical
2014-06-12 ESA-21 CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-5298 EuStore EMIs before 2014-06-10 EuStore EMIs are Affected by OpenSSL Vulnerabilities Important
2014-06-06 ESA-20 CVE-2014-0224 HP Helion Eucalyptus 3.4.2 and HP Helion Eucalyptus 4.0.0 OpenSSL CCS Injection Vulnerability Affects Load Balancing and Imaging Service EMIs Important
2014-06-06 ESA-19 CVE-2014-0224 Centos 6.5, RHEL 6 Update OpenSSL Packages to Address OpenSSL CCS Injection Vulnerability Informational
2014-04-10 ESA-18 CVE-2014-0160 Centos 6.5, RHEL 6 Update OpenSSL Packages to Address HeartBleed Bug Informational
2014-04-10 ESA-17 CVE-2014-0160 EuStore EMI 2714641871 (Fedora 18), EMI 0355237665 (Fedora 20), 1424900416 (OpenSUSE 12.2), 3550541955 (Debian Wheezy) The HeartBleed Bug Affects EuStore EMIs Critical
2014-03-11 ESA-16 CVE-2013-4769 HP Helion Eucalyptus 3.3.0 to HP Helion Eucalyptus 3.4.1 HP Helion Eucalyptus Can Act as an Open DNS Resolver Moderate
2014-03-11 ESA-15 CVE-2013-4768 HP Helion Eucalyptus 2.0 to HP Helion Eucalyptus 3.4.1 Web Services Denial of Service Vulnerability Important
2013-10-24 ESA-14 CVE-2013-4767 HP Helion Eucalyptus 3.0.0 to HP Helion Eucalyptus 3.3.1 Shell Injection Vulnerability on NC Critical
2013-09-11 ESA-13 CVE-2013-4766 HP Helion Eucalyptus 3.3.0 and earlier Unauthorized Access to CC/NC Log Files Moderate
2013-07-25 ESA-11 CVE-2013-1899 HP Helion Eucalyptus 3.2.x, 3.1.x Denial of Service Vulnerability in Postgres Important
2013-06-20 ESA-12 CVE-2013-2297 EuStore EMI EMI 3868652036 (Centos 6.3), EMI 0400376721 (Fedora 16), EMI 2425352071 (Fedora 17), 1347115203 (OpenSUSE 12.2) Insecure Configuration In Some EuStore EMIs Important
2013-04-16 ESA-10 CVE-2013-2296 HP Helion Eucalyptus 3.2.1 and earlier Missing Authorization Vulnerability in Walrus Low
2013-04-16 ESA-09 CVE-2012-4067 HP Helion Eucalyptus 3.2.1 and earlier Insecure XML Parsing Vulnerability in Walrus Important
2013-02-28 ESA-08 CVE-2012-4066 HP Helion Eucalyptus 3.2.0 and earlier Walrus Request Manipulation Vulnerability Important
2012-08-28 ESA-07 CVE-2012-4065 HP Helion Eucalyptus 3.0.2, 3.1.0 and earlier SOAP Web Services Authorization Bypass Vulnerability Critical
2012-08-28 ESA-06 CVE-2012-4064 HP Helion Eucalyptus 3.0.2, 3.1.0 and earlier SOAP Web Services Privilege Escalation Vulnerability Critical
2012-08-28 ESA-05 CVE-2012-4063 HP Helion Eucalyptus 3.0.2, 3.1.0 and earlier Insecure Apache Santuario (XML Security) Library Configuration Important
2012-07-11 ESA-04 CVE-2012-3241 HP Helion Eucalyptus 2.0.3, 3.0.1 and earlier VMWare Broker Lack of Authentication Vulnerability Critical
2012-07-11 ESA-03 CVE-2012-3240 HP Helion Eucalyptus 2.0.3, 3.0.1 and earlier Walrus Authentication Bypass Vulnerability Critical
2011-05-25 ESA-02 CVE-2011-0730 HP Helion Eucalyptus EE 2.0.1, HP Helion Eucalyptus 2.0.2 and earlier SOAP Interfaces Vulnerable to XML Signature Element Wrapping Attacks Critical
2010-12-16 ESA-01 CVE-2010-3905 HP Helion Eucalyptus 2.0.0, HP Helion Eucalyptus 2.0.1 Password Reset Vulnerability Critical