CVE Tools

eucalyptus

Cloud & SaaSoss-project

21

Cumulative CVEs

12

Monthly snapshots

#23

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting eucalyptus.

CVE-2014-5039Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.9.6Jan 31, 2020
CVE-2013-4770Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.6.1Jan 27, 2020
CVE-2016-8528A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.8.8Feb 15, 2018
CVE-2016-8520HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also ...8.8Feb 15, 2018
CVE-2017-7999Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.6.5Jun 1, 2017
CVE-2015-6861HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user'...7.5Jan 5, 2016
CVE-2014-5040HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key cred...6.8Jan 5, 2016
CVE-2013-4769The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic am...4.3Dec 26, 2014
CVE-2014-5038Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.2.1Nov 7, 2014
CVE-2014-5037Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.2.1Nov 7, 2014
CVE-2014-5036The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive ...1.9Sep 5, 2014
CVE-2013-4768The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC...5.0Apr 15, 2014
CVE-2013-4767Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.10.0Oct 10, 2013
CVE-2013-4766The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component.4.3Sep 17, 2013
CVE-2013-2297Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via uns...6.9Sep 17, 2013