Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloudstack
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-06-10 | CVE-2016-3085 | Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | Cloudstack | 6.5 | ||
| 2016-02-08 | CVE-2015-3252 | Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | Cloudstack | 9.8 | ||
| 2016-02-08 | CVE-2015-3251 | Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | Cloudstack | 4.9 | ||
| 2015-01-15 | CVE-2014-9593 | Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | Cloudstack | N/A | ||
| 2014-12-10 | CVE-2014-7807 | Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | Cloudstack | N/A | ||
| 2014-01-15 | CVE-2014-0031 | The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | Cloudstack | N/A | ||
| 2014-01-15 | CVE-2013-6398 | The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | Cloudstack | N/A | ||
| 2018-02-06 | CVE-2013-4317 | In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | Cloudstack | 4.3 | ||
| 2013-08-19 | CVE-2013-2136 | Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings. | Cloudstack | N/A | ||
| 2012-10-26 | CVE-2012-4501 | Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. | Cloudstack, Cloudstack | N/A |