Skip to main content

Eucalyptus

18 CVEs product

Monthly

CVE-2017-7999 MEDIUM This Month

Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Atlassian Eucalyptus
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2015-6861 HIGH This Week

HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-5040 MEDIUM This Month

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Privilege Escalation Eucalyptus
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2013-4769 MEDIUM This Month

The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Eucalyptus
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5038 LOW PATCH Monitor

Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Eucalyptus
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-5037 LOW PATCH Monitor

Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Eucalyptus
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-5036 LOW Monitor

The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Dell Eucalyptus
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4768 MEDIUM This Month

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC),. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service VMware Eucalyptus
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4767 CRITICAL Act Now

Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eucalyptus
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-4766 Maven MEDIUM PATCH This Month

The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Eucalyptus
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-2296 MEDIUM This Month

Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2012-4067 MEDIUM This Month

Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Eucalyptus
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4066 MEDIUM This Month

The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eucalyptus
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4065 LOW Monitor

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2012-4064 MEDIUM This Month

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2012-4063 MEDIUM This Month

The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Apache Eucalyptus
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-3241 HIGH This Week

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Eucalyptus
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-3240 HIGH This Week

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 2.0
7.5
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM This Month

Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Atlassian Eucalyptus
NVD
EPSS 0% CVSS 7.5
HIGH This Week

HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Privilege Escalation Eucalyptus
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Eucalyptus
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Eucalyptus
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Eucalyptus
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Dell Eucalyptus
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC),. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service VMware Eucalyptus
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eucalyptus
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Eucalyptus
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Eucalyptus
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eucalyptus
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Apache +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Eucalyptus
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy