Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudstack vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2013-4317
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
Apache Cloudstack 4.1.0
Apache Cloudstack 4.1.1
445
VMScore
CVE-2013-2758
Apache CloudStack 4.0.0 prior to 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote malicious users to guess the console access URL via a brute force attack.
Apache Cloudstack 4.0.2
Apache Cloudstack 4.0.1
Citrix Cloudplatform 3.0.3
Citrix Cloudplatform 3.0.5
Apache Cloudstack 4.0.0
Citrix Cloudplatform 3.0.6
Citrix Cloudplatform 3.0
Citrix Cloudplatform 3.0.4
445
VMScore
CVE-2013-2756
Apache CloudStack 4.0.0 prior to 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C allows remote malicious users to bypass the console proxy authentication by leveraging knowledge of the source code.
Apache Cloudstack 4.0.2
Apache Cloudstack 4.0.1
Citrix Cloudplatform 3.0.3
Citrix Cloudplatform 3.0.5
Apache Cloudstack 4.0.0
Citrix Cloudplatform 3.0.6
Citrix Cloudplatform 3.0
Citrix Cloudplatform 3.0.4
409
VMScore
CVE-2022-26779
Apache CloudStack before 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, c...
Apache Cloudstack
668
VMScore
CVE-2019-17562
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions before 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell comman...
Apache Cloudstack
534
VMScore
CVE-2015-3252
Apache CloudStack prior to 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote malicious users to gain access by connecting to the VNC server.
Apache Cloudstack
134
VMScore
CVE-2012-5616
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) prior to 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of...
Citrix Cloudplatform
Apache Cloudstack 4.0.0
NA
CVE-2024-29006
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are reco...
668
VMScore
CVE-2013-2757
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote malicious users to have unspecified impact via unknown vectors.
Citrix Cloudplatform 3.0.6
Citrix Cloudplatform 3.0
Citrix Cloudplatform 3.0.5
Citrix Cloudplatform 3.0.3
Citrix Cloudplatform 3.0.4
NA
CVE-2024-29008
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when ...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »