60 matches found
[SECURITY] Fedora 20 Update: python-libcloud-0.13.3-1.fc20
libcloud is a client library for interacting with many of the popular cloud server providers. It was created to make it easy for developers to build products that work between any of the services that it supports...
[SECURITY] Fedora 18 Update: python-libcloud-0.13.3-1.fc18
libcloud is a client library for interacting with many of the popular cloud server providers. It was created to make it easy for developers to build products that work between any of the services that it supports...
[SECURITY] Fedora 19 Update: python-libcloud-0.13.3-1.fc19
libcloud is a client library for interacting with many of the popular cloud server providers. It was created to make it easy for developers to build products that work between any of the services that it supports...
Apache libcloud pritection bypass
Parameter to scrub data after deletion does not acutally work...
[CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-6480 Libcloud doesn't send scrubdata query parameter when destroying a DigitalOcean node Severity: Low Vendor: Apache Software Foundation Project: Apache Libcloud http://libcloud.apache.org/ Affected Versions: Apache Libcloud 0.12.3 to 0.13...
CVE-2013-6480
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
PYSEC-2014-97
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
Design/Logic Flaw
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
PYSEC-2014-97
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
CVE-2013-6480
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
CVE-2013-6480
CVE-2013-6480 affects Libcloud 0.12.3–0.13.2 where destroy DigitalOcean API calls do not set scrub_data, enabling local users with access to a new VM to obtain sensitive data. The incident is documented by multiple advisories (GHSA-G892-9H8M-R69R, OSV) and vendor/openSUSE/Fedora records. The publ...
CVE-2013-6480
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
Apache Libcloud Digital Ocean API本地信息泄露漏洞
BUGTRAQ ID: 64617 CVECAN ID: CVE-2013-6480 libcloud 是用Python开发的访问云计算服务的统一接口。 Apache Libcloud 0.12.3-0.13.2版本销毁DigitalOcean节点时,没有发送scrubdata query参数,这可使本地攻击者利用此漏洞获取敏感信息。 0 Apache Group Libcloud 0.12.3 - 0.13.3 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Apache Libcloud Digital Ocean API - Local Information Disclosure
source: https://www.securityfocus.com/bid/64617/info Apache Libcloud is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. Apache Libcloud versions 0.12.3 through 0.13.2 a...
Apache Libcloud Digital Ocean API - Local Information Disclosure
Apache Libcloud Digital Ocean API - Local Information Disclosure source: https://www.securityfocus.com/bid/64617/info Apache Libcloud is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to...
CVE-2012-3446
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...
CVE-2012-3446
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...
DEBIAN-CVE-2012-3446
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...
Code injection
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...
PYSEC-2012-12
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...