Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2015-1327 Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 15.04
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer.
local
low complexity
canonical CWE-264
7.8
7.8
2019-04-22 CVE-2015-1320 Credentials Management vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface.
network
low complexity
canonical CWE-255
critical
 9.8
9.8
2019-04-22 CVE-2015-1316 Key Management Errors vulnerability in Canonical Juju
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
network
low complexity
canonical CWE-320
7.5
7.5
2019-04-22 CVE-2014-1428 7PK - Security Features vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames.
network
low complexity
canonical CWE-254
5.3
5.3
2019-04-22 CVE-2014-1427 Cross-site Scripting vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting.
network
low complexity
canonical CWE-79
6.1
6.1
2019-04-22 CVE-2014-1426 Improper Input Validation vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file.
network
low complexity
canonical CWE-20
7.5
7.5
2019-04-22 CVE-2011-3151 Protection Mechanism Failure vulnerability in Canonical Selinux
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory.
network
high complexity
canonical CWE-693
5.9
5.9
2019-04-22 CVE-2019-11235 Insufficient Verification of Data Authenticity vulnerability in multiple products
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
network
low complexity
freeradius fedoraproject redhat canonical opensuse CWE-345
critical
 9.8
9.8
2019-04-22 CVE-2019-11234 Improper Authentication vulnerability in multiple products
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
network
low complexity
freeradius fedoraproject redhat canonical CWE-287
critical
 9.8
9.8
2019-04-19 CVE-2019-11338 NULL Pointer Dereference vulnerability in multiple products
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
network
low complexity
ffmpeg debian novell canonical CWE-476
8.8
8.8