Eucalyptus Eucalyptus
22 CVEs affecting Eucalyptus Eucalyptus. Latest disclosed: 2018-02-15. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-8528 | High | 8.8 | 2018-02-15 | A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found. |
CVE-2016-8520 | High | 8.8 | 2018-02-15 | HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated… |
CVE-2015-6861 | High | 7.5 | 2016-01-05 | HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by l… |
CVE-2014-5040 | Medium | 6.8 | 2016-01-05 | HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions an… |
CVE-2017-7999 | Medium | 6.5 | 2017-06-01 | Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage… |
CVE-2013-4769 | | 2014-12-26 | The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to… | |
CVE-2014-5038 | | 2014-11-07 | Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive infor… | |
CVE-2014-5037 | | 2014-11-07 | Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by… | |
CVE-2014-5036 | | 2014-09-05 | The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which a… | |
CVE-2013-4768 | | 2014-04-16 | The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean… | |
CVE-2013-4767 | | 2013-10-10 | Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors. | |
CVE-2013-4766 | | 2013-09-17 | The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2… | |
CVE-2013-2296 | | 2013-09-17 | Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket op… | |
CVE-2012-4067 | | 2013-09-17 | Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containi… | |
CVE-2012-4066 | | 2013-03-08 | The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to… | |
CVE-2012-4065 | | 2012-10-01 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspec… | |
CVE-2012-4064 | | 2012-10-01 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileg… | |
CVE-2012-4063 | | 2012-10-01 | The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote at… | |
CVE-2012-3241 | | 2012-07-17 | The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary V… | |
CVE-2012-3240 | | 2012-07-17 | The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. |