Vulnerabilities > Apache > Cloudstack > 4.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-26779 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. | 4.6 |
| 2020-05-14 | CVE-2019-17562 | Improper Input Validation vulnerability in Apache Cloudstack A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. | 7.5 |
| 2018-02-06 | CVE-2016-6813 | Unspecified vulnerability in Apache Cloudstack Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. | 9.8 |
| 2016-02-08 | CVE-2015-3252 | Credentials Management vulnerability in Apache Cloudstack Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | 6.0 |
| 2015-01-15 | CVE-2014-9593 | Information Exposure vulnerability in Apache Cloudstack Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | 5.0 |
| 2014-12-10 | CVE-2014-7807 | Improper Authentication vulnerability in Apache Cloudstack Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | 5.0 |