Product
eucalyptus
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2014-5039
CVE-2013-4770
CVE-2016-8528
CVE-2016-8520
CVE-2017-7999
CVE-2015-6861
CVE-2014-5040
CVE-2013-4769
CVE-2014-5038
CVE-2014-5037
CVE-2014-5036
CVE-2013-4768
CVE-2013-4767
CVE-2013-4766
CVE-2013-2297
CVE-2013-2296
CVE-2012-4067
CVE-2012-4066
CVE-2012-4065
CVE-2012-4064
CVE-2012-4063
CVE-2012-3241
CVE-2012-3240
CVE-2011-0730
CVE-2010-3905
>= 4.0.0 and < 4.0.2
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inje
>= 4.0.0 and < 4.0.1
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inje
>= 3.3.0 and <= 4.3.1
A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.
<= 4.3.0
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs.
all versions
Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial
all versions
HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requiremen
all versions
HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass in
all versions
The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is use
all versions
Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local us
all versions
Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obt
all versions
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the C
all versions
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to t
<= 3.3.1
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
<= 3.3.0
The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1)
all versions
Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and
<= 3.2.1
Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBuc
<= 3.2.1
Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a
<= 3.2.0
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request heade
<= 3.1.0
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authent
<= 3.1.0
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authent
<= 3.1.0
The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to docu
all versions
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote att
all versions
The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a craft
< 2.0.3
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not proper
all versions
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which al