
389 matches found

CNVD
added 2020/05/15 12:0 a.m. · 2 views

Apache CloudStack Input Validation Error Vulnerability

Apache CloudStack is an Infrastructure as a Service (IaaS) cloud computing platform from the Apache Software Foundation in the United States. The platform is primarily used for deploying and managing large networks of virtual machines. A buffer overflow vulnerability exists i...

9.8 CVSS · 7.8 AI score · 0.02919 EPSS
Exploits: 1 · References: 1
NVD
added 2020/05/14 5:15 p.m. · 18 views

CVE-2019-17562

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

9.8 CVSS · 9.7 AI score · 0.02919 EPSS
Exploits: 1 · References: 1
OSV
added 2020/05/14 5:15 p.m. · 19 views

CVE-2019-17562

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

9.8 CVSS · 7.4 AI score
Exploits: 0 · References: 1
Prion
added 2020/05/14 5:15 p.m. · 16 views

Buffer overflow

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

7.5 CVSS · 9.5 AI score · 0.02919 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2020/05/14 4:14 p.m. · 14 views

CVE-2019-17562

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

9.7 AI score · 0.02919 EPSS
Exploits: 1 · References: 1
CVE
added 2020/05/14 4:14 p.m. · 52 views

CVE-2019-17562

Apache CloudStack baremetal component contains a buffer overflow (affecting all versions prior to 4.13.1) caused by inadequate validation of the mac parameter in baremetal virtual router. An attacker can inject shell commands via the mac field (example: /baremetal/provisiondone/{mac} with special...

9.8 CVSS · 9.6 AI score · 0.02919 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
RedhatCVE
added 2018/02/20 8:48 p.m. · 21 views

CVE-2013-4317

In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own...

4.3 CVSS · 2.3 AI score · 0.01196 EPSS
Exploits: 0 · References: 1
CNVD
added 2018/02/08 12:0 a.m. · 2 views

Apache CloudStack Information Disclosure Vulnerability (CNVD-2018-03759)

Apache CloudStack is a suite of open source cloud computing software from the Apache Software Foundation in the United States. The software can be used to deploy, manage, and configure public and private IaaS clouds. A security vulnerability exists in Apache CloudStack versions 4.1.0 and 4.1.1. An attacker could...

4.3 CVSS · 6.5 AI score · 0.01196 EPSS
Exploits: 0 · References: 1
Prion
added 2018/02/06 2:29 p.m. · 14 views

Design/Logic Flaw

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...

7.5 CVSS · 7 AI score · 0.05629 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Prion
added 2018/02/06 2:29 p.m. · 16 views

Information disclosure

In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own...

4 CVSS · 6.8 AI score · 0.01196 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2018/02/06 2:29 p.m. · 21 views

CVE-2016-6813

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...

9.8 CVSS · 9.4 AI score · 0.05629 EPSS
Exploits: 0 · References: 3
NVD
added 2018/02/06 2:29 p.m. · 10 views

CVE-2013-4317

In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own...

4.3 CVSS · 4.5 AI score · 0.01196 EPSS
Exploits: 0 · References: 1
OSV
added 2018/02/06 2:29 p.m. · 17 views

CVE-2016-6813

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...

9.8 CVSS · 9.6 AI score
Exploits: 0 · References: 3
Cvelist
added 2018/02/06 2:0 p.m. · 12 views

CVE-2013-4317

In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own...

4.5 AI score · 0.01196 EPSS
Exploits: 0 · References: 1
Cvelist
added 2018/02/06 2:0 p.m. · 25 views

CVE-2016-6813

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...

9.4 AI score · 0.05629 EPSS
Exploits: 0 · References: 3
CVE
added 2018/02/06 2:0 p.m. · 52 views

CVE-2013-4317

CVE-2013-4317 describes an information-disclosure vulnerability in Apache CloudStack versions 4.1.0 and 4.1.1. When a regular, non-administrative user calls the CloudStack API operation listProjectAccounts, the user can view information for accounts other than their own. The connected Red Hat a...

4.3 CVSS · 4.5 AI score · 0.01196 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2018/02/06 2:0 p.m. · 59 views

CVE-2016-6813

CVE-2016-6813 affects Apache CloudStack 4.1–4.8.1.0 and 4.9.0.0. The issue is an API call that lets a user register for the developer API, and if the attacker can determine another non-root user’s CloudStack ID, they may reset that user’s API keys and gain access to their account and resources. T...

9.8 CVSS · 9.3 AI score · 0.05629 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2018/02/06 12:0 a.m. · 4 views

PT-2018-4968 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.1 through 4.8.1.0; Apache CloudStack version 4.9.0.0. Description: The issue allows a malicious user to reset the API keys for another non-root CloudStack user if the malicious user can determine the ID of that user...

9.8 CVSS · 9.5 AI score · 0.05629 EPSS
Exploits: 0 · References: 5
CNVD
added 2016/11/02 12:0 a.m. · 2 views

Apache CloudStack Authorization Bypass Vulnerability

Apache CloudStack is open source software for deploying and managing large networks of virtual machines. An authorization bypass vulnerability exists in Apache CloudStack 4.1 and later. An attacker can exploit this vulnerability to gain unauthorized access and sensitive information...

9.8 CVSS · 7 AI score · 0.05629 EPSS
Exploits: 0 · References: 1
F5 Networks
added 2016/07/07 12:0 a.m. · 26 views

SOL05715414 - Apache CloudStack vulnerability CVE-2016-3085

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.5 CVSS · 2.9 AI score · 0.02861 EPSS
Exploits: 0 · References: 4