Vulnerabilities > Apache > Cloudstack > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-05 CVE-2024-39864 Unspecified vulnerability in Apache Cloudstack
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes.
network
low complexity
apache
critical
9.8
2024-07-05 CVE-2024-38346 Unspecified vulnerability in Apache Cloudstack
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts.
network
low complexity
apache
critical
9.8
2022-07-18 CVE-2022-35741 XXE vulnerability in Apache Cloudstack
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection.
network
low complexity
apache CWE-611
critical
9.8
2020-05-14 CVE-2019-17562 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Cloudstack
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack.
network
low complexity
apache CWE-119
critical
9.8
2018-02-06 CVE-2016-6813 Unspecified vulnerability in Apache Cloudstack
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API.
network
low complexity
apache
critical
9.8
2016-02-08 CVE-2015-3252 Credentials Management vulnerability in Apache Cloudstack
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
network
low complexity
apache CWE-255
critical
9.8