Apache: >> Cloudstack >> 4.1.0 Security Vulnerabilities
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
CVSS Score
9.8
EPSS Score
0.019
Published
2016-02-08
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
CVSS Score
5.0
EPSS Score
0.027
Published
2015-01-15
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
CVSS Score
4.0
EPSS Score
0.003
Published
2014-01-15
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.
CVSS Score
2.8
EPSS Score
0.01
Published
2014-01-15
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
CVSS Score
4.3
EPSS Score
0.067
Published
2013-08-19
Page 2