Vulnerabilities > Apache > Cloudstack
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2019-17562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Cloudstack A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. | 9.8 |
| 2018-02-06 | CVE-2016-6813 | Unspecified vulnerability in Apache Cloudstack Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. | 9.8 |
| 2018-02-06 | CVE-2013-4317 | Information Exposure vulnerability in Apache Cloudstack 4.1.0/4.1.1 In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | 4.3 |
| 2016-06-10 | CVE-2016-3085 | 7PK - Security Features vulnerability in Apache Cloudstack Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | 6.5 |
| 2016-02-08 | CVE-2015-3252 | Credentials Management vulnerability in Apache Cloudstack Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | 9.8 |
| 2016-02-08 | CVE-2015-3251 | Information Exposure vulnerability in Apache Cloudstack 4.4.4/4.5.1 Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | 4.9 |