Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eucalyptus eucalyptus 2.0.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2010-3905
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote malicious users to gain privileges by sending password reset requests for other users.
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 2.0.1
5
CVSSv2
CVE-2012-4063
The Apache Santuario configuration in Eucalyptus prior to 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote malicious users to cause a denial of service via unspecified vectors.
Eucalyptus Eucalyptus 1.0
Eucalyptus Eucalyptus 1.1
Eucalyptus Eucalyptus 3.1.1
Eucalyptus Eucalyptus 3.0
Eucalyptus Eucalyptus 1.4
Eucalyptus Eucalyptus 1.5.1
Eucalyptus Eucalyptus 1.6.2
Eucalyptus Eucalyptus 1.5.2
Eucalyptus Eucalyptus
Eucalyptus Eucalyptus 1.2
Eucalyptus Eucalyptus 2.0.3
Eucalyptus Eucalyptus 1.3
Eucalyptus Eucalyptus 3.0.1
Eucalyptus Eucalyptus 2.0.2
Eucalyptus Eucalyptus 2.0.1
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 2.0
Eucalyptus Eucalyptus 1.6
5
CVSSv2
CVE-2012-4066
The internal message protocol for Walrus in Eucalyptus 3.2.0 and previous versions does not require signatures for unspecified request headers, which allows malicious users to (1) delete or (2) upload snapshots.
Eucalyptus Eucalyptus 1.4
Eucalyptus Eucalyptus 2.0
Eucalyptus Eucalyptus 3.0
Eucalyptus Eucalyptus 3.0.1
Eucalyptus Eucalyptus 3.1.0
Eucalyptus Eucalyptus 1.6
Eucalyptus Eucalyptus 2.0.1
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 1.6.2
Eucalyptus Eucalyptus 1.5.1
Eucalyptus Eucalyptus 1.2
Eucalyptus Eucalyptus 2.0.3
Eucalyptus Eucalyptus 1.3
Eucalyptus Eucalyptus
Eucalyptus Eucalyptus 1.0
Eucalyptus Eucalyptus 1.1
Eucalyptus Eucalyptus 1.5.2
Eucalyptus Eucalyptus 2.0.2
3.5
CVSSv2
CVE-2012-4065
Eucalyptus prior to 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted messa...
Eucalyptus Eucalyptus 1.3
Eucalyptus Eucalyptus 1.0
Eucalyptus Eucalyptus 1.1
Eucalyptus Eucalyptus 2.0.1
Eucalyptus Eucalyptus 2.0.2
Eucalyptus Eucalyptus 3.1.1
Eucalyptus Eucalyptus 3.0
Eucalyptus Eucalyptus 2.0
Eucalyptus Eucalyptus 1.5.1
Eucalyptus Eucalyptus 2.0.3
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 1.5.2
Eucalyptus Eucalyptus
Eucalyptus Eucalyptus 1.4
Eucalyptus Eucalyptus 1.2
Eucalyptus Eucalyptus 1.6.2
Eucalyptus Eucalyptus 3.0.1
Eucalyptus Eucalyptus 1.6
6.5
CVSSv2
CVE-2012-4064
Eucalyptus prior to 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.
Eucalyptus Eucalyptus 1.1
Eucalyptus Eucalyptus 2.0.1
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 1.6.2
Eucalyptus Eucalyptus 1.4
Eucalyptus Eucalyptus 1.5.1
Eucalyptus Eucalyptus 3.0
Eucalyptus Eucalyptus 2.0
Eucalyptus Eucalyptus 1.6
Eucalyptus Eucalyptus
Eucalyptus Eucalyptus 1.2
Eucalyptus Eucalyptus 1.3
Eucalyptus Eucalyptus 3.0.1
Eucalyptus Eucalyptus 3.1.1
Eucalyptus Eucalyptus 2.0.3
Eucalyptus Eucalyptus 1.0
Eucalyptus Eucalyptus 1.5.2
Eucalyptus Eucalyptus 2.0.2
4.3
CVSSv2
CVE-2012-4067
Walrus in Eucalyptus prior to 3.2.2 allows remote malicious users to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request.
Eucalyptus Eucalyptus 3.1.0
Eucalyptus Eucalyptus 3.0.1
Eucalyptus Eucalyptus 3.0
Eucalyptus Eucalyptus 2.0.3
Eucalyptus Eucalyptus 1.0
Eucalyptus Eucalyptus
Eucalyptus Eucalyptus 3.2.0
Eucalyptus Eucalyptus 3.1.2
Eucalyptus Eucalyptus 1.6.2
Eucalyptus Eucalyptus 1.6
Eucalyptus Eucalyptus 1.5.2
Eucalyptus Eucalyptus 1.5.1
Eucalyptus Eucalyptus 3.1.1
Eucalyptus Eucalyptus 2.0.2
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 1.3
Eucalyptus Eucalyptus 1.1
Eucalyptus Eucalyptus 2.0.1
Eucalyptus Eucalyptus 2.0
Eucalyptus Eucalyptus 1.4
Eucalyptus Eucalyptus 1.2
5.5
CVSSv2
CVE-2013-2296
Walrus in Eucalyptus prior to 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting,...
Eucalyptus Eucalyptus 1.5.1
Eucalyptus Eucalyptus 1.4
Eucalyptus Eucalyptus 1.3
Eucalyptus Eucalyptus 1.2
Eucalyptus Eucalyptus 2.0.3
Eucalyptus Eucalyptus 2.0.2
Eucalyptus Eucalyptus 2.0.1
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 3.1.2
Eucalyptus Eucalyptus 3.1.0
Eucalyptus Eucalyptus 3.0
Eucalyptus Eucalyptus 2.0
Eucalyptus Eucalyptus 1.6
Eucalyptus Eucalyptus 1.0
Eucalyptus Eucalyptus 3.2.0
Eucalyptus Eucalyptus 3.1.1
Eucalyptus Eucalyptus 3.0.1
Eucalyptus Eucalyptus 1.6.2
Eucalyptus Eucalyptus 1.5.2
Eucalyptus Eucalyptus 1.1
Eucalyptus Eucalyptus
4.3
CVSSv2
CVE-2013-4766
The gather log service in Eucalyptus prior to 3.3.1 allows remote malicious users to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component.
Eucalyptus Eucalyptus 1.6
Eucalyptus Eucalyptus 1.6.2
Eucalyptus Eucalyptus 2.0
Eucalyptus Eucalyptus 2.0.0
Eucalyptus Eucalyptus 1.0
Eucalyptus Eucalyptus 1.1
Eucalyptus Eucalyptus 1.2
Eucalyptus Eucalyptus 3.0.1
Eucalyptus Eucalyptus 3.1.0
Eucalyptus Eucalyptus 3.1.1
Eucalyptus Eucalyptus 3.1.2
Eucalyptus Eucalyptus 3.2.0
Eucalyptus Eucalyptus 1.4
Eucalyptus Eucalyptus 1.5.2
Eucalyptus Eucalyptus 2.0.1
Eucalyptus Eucalyptus 2.0.3
Eucalyptus Eucalyptus 3.2.1
Eucalyptus Eucalyptus
Eucalyptus Eucalyptus 1.3
Eucalyptus Eucalyptus 1.5.1
Eucalyptus Eucalyptus 2.0.2
Eucalyptus Eucalyptus 3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started