Vulnerabilities > Canonical > Metal AS A Service > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-22 | CVE-2014-1428 | 7PK - Security Features vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. | 5.3 |
| 2019-04-22 | CVE-2014-1427 | Cross-site Scripting vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. | 6.1 |