VYPR

Libcloud

by Apache

Source repositories

CVEs (3)

  • CVE-2012-3446MedNov 4, 2012
    risk 0.31cvss 5.9epss 0.01

    Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL…

  • CVE-2013-6480Jan 7, 2014
    risk 0.00cvss epss 0.02

    Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

  • CVE-2010-4340Sep 12, 2011
    risk 0.00cvss epss 0.01

    libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.