Vulnerabilities > Apache > Cloudstack > 2.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-26779 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. | 4.6 |
| 2020-05-14 | CVE-2019-17562 | Improper Input Validation vulnerability in Apache Cloudstack A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. | 7.5 |
| 2016-02-08 | CVE-2015-3252 | Credentials Management vulnerability in Apache Cloudstack Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | 6.0 |
| 2015-01-15 | CVE-2014-9593 | Information Exposure vulnerability in Apache Cloudstack Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | 5.0 |
| 2014-01-15 | CVE-2014-0031 | Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | 4.0 |
| 2014-01-15 | CVE-2013-6398 | Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | 2.8 |
| 2013-08-19 | CVE-2013-2136 | Cross-Site Scripting vulnerability in Apache Cloudstack Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings. | 4.3 |