389 matches found
Apache CloudStack Authentication Bypass Vulnerability (CNVD-2016-03958)
Apache CloudStack is open source software for deploying and managing large networks of virtual machines. After multiple versions of Apache CloudStack enabled SAML-based authentication, a remote attacker exploited this vulnerability to bypass authentication and access the user interface...
CVE-2016-3085
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...
CVE-2016-3085
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...
Authentication flaw
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...
CVE-2016-3085
CVE-2016-3085 affects Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1. When SAML-based authentication is enabled, remote attackers can bypass authentication and access the user interface via vectors related to the SAML plugin. The conne...
CVE-2016-3085
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...
Apache CloudStack Trust Management Vulnerability
Apache CloudStack is a suite of open source cloud computing software from the Apache Apache Software Foundation in the United States. The software can be used to deploy, manage, and configure public and private clouds IaaS. A security vulnerability exists in Apache CloudStack 4.5.1 and earlier...
Apache CloudStack Information Disclosure Vulnerability (CNVD-2016-01066)
Apache CloudStack is a suite of open source cloud computing software from the Apache USA Software Foundation. The software can be used to deploy, manage, and configure public and private clouds IaaS. A security vulnerability exists in Apache CloudStack versions 4.5.1 and earlier. A remote attacke...
CVE-2015-3252
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server...
CVE-2015-3251
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls...
Code injection
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server...
Design/Logic Flaw
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls...
CVE-2015-3252
Apache CloudStack vulnerability CVE-2015-3252 affects CloudStack before 4.5.2 (4.5.1 and earlier per CNVD). The issue arises from improper preservation of VNC passwords during KVM VM migrations, enabling a remote attacker to gain access by connecting to the VNC server. According to the sources, t...
CVE-2015-3252
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server...
CVE-2015-3251
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls...
CVE-2015-3251
CVE-2015-3251 : In Apache CloudStack, versions before 4.5.2 allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified API-call vectors. The vulnerability is an information disclosure issue tied to the API surface used ...
Apache CloudStack Information Disclosure Vulnerability
Apache CloudStack is an open source cloud computing solution. An information disclosure vulnerability exists in Apache CloudStack, which allows remote attackers to exploit this vulnerability to obtain private keys via listSslCerts API calls...
CVE-2014-9593
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...
Code injection
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...
CVE-2014-9593
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...