Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudstack vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2015-3251
Apache CloudStack prior to 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.
Apache Cloudstack 4.5.1
Apache Cloudstack 4.4.4
445
VMScore
CVE-2013-2756
Apache CloudStack 4.0.0 prior to 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C allows remote malicious users to bypass the console proxy authentication by leveraging knowledge of the source code.
Apache Cloudstack 4.0.2
Apache Cloudstack 4.0.1
Citrix Cloudplatform 3.0.3
Citrix Cloudplatform 3.0.5
Apache Cloudstack 4.0.0
Citrix Cloudplatform 3.0.6
Citrix Cloudplatform 3.0
Citrix Cloudplatform 3.0.4
445
VMScore
CVE-2013-2758
Apache CloudStack 4.0.0 prior to 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote malicious users to guess the console access URL via a brute force attack.
Apache Cloudstack 4.0.2
Apache Cloudstack 4.0.1
Citrix Cloudplatform 3.0.3
Citrix Cloudplatform 3.0.5
Apache Cloudstack 4.0.0
Citrix Cloudplatform 3.0.6
Citrix Cloudplatform 3.0
Citrix Cloudplatform 3.0.4
409
VMScore
CVE-2022-26779
Apache CloudStack before 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, c...
Apache Cloudstack
534
VMScore
CVE-2015-3252
Apache CloudStack prior to 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote malicious users to gain access by connecting to the VNC server.
Apache Cloudstack
668
VMScore
CVE-2019-17562
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions before 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell comman...
Apache Cloudstack
134
VMScore
CVE-2012-5616
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) prior to 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of...
Citrix Cloudplatform
Apache Cloudstack 4.0.0
NA
CVE-2024-29006
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are reco...
668
VMScore
CVE-2013-2757
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote malicious users to have unspecified impact via unknown vectors.
Citrix Cloudplatform 3.0.6
Citrix Cloudplatform 3.0
Citrix Cloudplatform 3.0.5
Citrix Cloudplatform 3.0.3
Citrix Cloudplatform 3.0.4
NA
CVE-2024-29007
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »