Apache Libcloud vulnerabilities
3 known vulnerabilities affecting apache/libcloud.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2013-6480LOWCVSS 2.1PoCv0.12.3v0.12.4+3 more2014-01-07
CVE-2013-6480 [LOW] CWE-200 CVE-2013-6480: Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean AP
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
nvd
CVE-2012-3446MEDIUMCVSS 5.9fixed in 0.11.02012-11-04
CVE-2012-3446 [MEDIUM] CWE-295 CVE-2012-3446: Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether th
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
nvd
CVE-2010-4340MEDIUMCVSS 4.3≤ 0.4.0v0.2.0+2 more2011-09-12
CVE-2010-4340 [MEDIUM] CWE-264 CVE-2010-4340: libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote at
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
nvd