Eucalyptus Eucalyptus

22 CVEs affecting Eucalyptus Eucalyptus. Latest disclosed: 2018-02-15. Critical: 0, High: 3.

Top CVEs affecting Eucalyptus Eucalyptus
CVESeverityScorePublishedSummary
CVE-2016-8528High8.82018-02-15A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.
CVE-2016-8520High8.82018-02-15HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated…
CVE-2015-6861High7.52016-01-05HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by l…
CVE-2014-5040Medium6.82016-01-05HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions an…
CVE-2017-7999Medium6.52017-06-01Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage…
CVE-2013-47692014-12-26The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to…
CVE-2014-50382014-11-07Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive infor…
CVE-2014-50372014-11-07Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by…
CVE-2014-50362014-09-05The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which a…
CVE-2013-47682014-04-16The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean…
CVE-2013-47672013-10-10Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
CVE-2013-47662013-09-17The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2…
CVE-2013-22962013-09-17Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket op…
CVE-2012-40672013-09-17Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containi…
CVE-2012-40662013-03-08The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to…
CVE-2012-40652012-10-01Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspec…
CVE-2012-40642012-10-01Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileg…
CVE-2012-40632012-10-01The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote at…
CVE-2012-32412012-07-17The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary V…
CVE-2012-32402012-07-17The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request.