Vulnerabilities > Apache > Cloudstack > 4.19.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-50386 | Unspecified vulnerability in Apache Cloudstack Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. | 9.9 |
| 2024-10-16 | CVE-2024-45461 | Missing Authorization vulnerability in Apache Cloudstack The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. | 6.3 |
| 2024-10-16 | CVE-2024-45462 | Unspecified vulnerability in Apache Cloudstack The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. | 7.1 |
| 2024-10-16 | CVE-2024-45693 | Unspecified vulnerability in Apache Cloudstack Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. | 8.8 |
| 2024-08-07 | CVE-2024-42062 | Incorrect Authorization vulnerability in Apache Cloudstack CloudStack account-users by default use username and password based authentication for API and UI access. | 7.2 |
| 2024-07-19 | CVE-2024-41107 | Unspecified vulnerability in Apache Cloudstack The CloudStack SAML authentication (disabled by default) does not enforce signature check. | 8.1 |