Lucene search
+L
ApacheCloudstack4.0.0

4 matches found

CVE
CVE
added 2024/07/05 1:40 p.m.113 views

CVE-2024-39864

The CVE-2024-39864 issue affects Apache CloudStack's Integration API service. When integration.api.port is set to 0 (default), an improper initialisation causes the unauthenticated integration API server to listen on a random port. An attacker with access to the CloudStack management network coul...

9.8CVSS9.9AI score0.01772EPSS
CVE
CVE
added 2024/07/05 1:40 p.m.83 views

CVE-2024-38346

CVE-2024-38346 affects Apache CloudStack’s cluster service that runs on an unauthenticated port (default 9090). The provided documents describe a code-injection vulnerability enabling remote code execution on targeted hypervisors and CloudStack management server hosts, potentially leading to comp...

9.8CVSS10AI score0.03301EPSS
CVE
CVE
added 2024/11/12 2:34 p.m.71 views

CVE-2024-50386

CVE-2024-50386 affects Apache CloudStack where by default, derived KVM-compatible templates can be registered for download to primary storage. The root cause is missing validation checks for KVM templates in CloudStack versions 4.0.0–4.18.2.4 and 4.19.0–4.19.1.2. An attacker able to register temp...

9.9CVSS8.7AI score0.01419EPSS
CVE
CVE
added 2024/10/16 7:55 a.m.64 views

CVE-2024-45219

Apache CloudStack CVE-2024-45219 concerns a KVM-related vulnerability where default user uploads/registrations of templates and volumes can bypass validation for KVM-compatible disks. The issue spans CloudStack versions 4.0.0–4.18.2.3 and 4.19.0.0–4.19.1.1, allowing an attacker who can upload or ...

8.5CVSS8.8AI score0.01229EPSS