Vulnerabilities > Canonical

DATE | CVE | VULNERABILITY TITLE | RISK

2019-04-22 | CVE-2015-1316 | Key Management Errors vulnerability in Canonical Juju | 5.0
Juju Core's Joyent provider before version 1.25.5 uploads the user's private SSH key.
network, low complexity | canonical | CWE-320

2019-04-22 | CVE-2014-1428 | 7PK - Security Features vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1 | 5.0
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames.
network, low complexity | canonical | CWE-254

2019-04-22 | CVE-2014-1427 | Cross-site Scripting vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1 | 4.3
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting.
network | canonical | CWE-79

2019-04-22 | CVE-2014-1426 | Improper Input Validation vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1 | 5.0
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file.
network, low complexity | canonical | CWE-20

2019-04-22 | CVE-2011-3151 | Protection Mechanism Failure vulnerability in Canonical Selinux | 5.8
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory.
network | canonical | CWE-693

2019-04-22 | CVE-2019-11235 | Insufficient Verification of Data Authenticity vulnerability in multiple products | 7.5
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

2019-04-22 | CVE-2019-11234 | Improper Authentication vulnerability in multiple products | 7.5
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

2019-04-19 | CVE-2019-11338 | NULL Pointer Dereference vulnerability in multiple products | 8.8
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
network, low complexity | ffmpeg, debian, novell, canonical | CWE-476

2019-04-18 | CVE-2019-11324 | Improper Certificate Validation vulnerability in multiple products | 7.5
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome.
network, low complexity | python, canonical | CWE-295

2019-04-18 | CVE-2019-3885 | Use After Free vulnerability in multiple products | 7.5
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.
network, low complexity | clusterlabs, canonical, fedoraproject | CWE-416