Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-2566 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). | 4.9 |
| 2019-04-23 | CVE-2019-11474 | Incorrect Calculation vulnerability in multiple products coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | 6.5 |
| 2019-04-22 | CVE-2019-11459 | Use of Uninitialized Resource vulnerability in multiple products The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 |
| 2019-04-22 | CVE-2019-11454 | Cross-site Scripting vulnerability in multiple products Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. | 6.1 |
| 2019-04-22 | CVE-2015-1343 | Information Exposure Through Log Files vulnerability in Canonical Ubuntu Linux 15.10 All versions of unity-scope-gdrive logs search terms to syslog. | 5.3 |
| 2019-04-22 | CVE-2014-1428 | 7PK - Security Features vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. | 5.3 |
| 2019-04-22 | CVE-2014-1427 | Cross-site Scripting vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. | 6.1 |
| 2019-04-22 | CVE-2011-3151 | Protection Mechanism Failure vulnerability in Canonical Selinux The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. | 5.9 |
| 2019-04-18 | CVE-2018-16878 | Resource Exhaustion vulnerability in multiple products A flaw was found in pacemaker up to and including version 2.0.1. | 5.5 |
| 2019-04-11 | CVE-2019-3460 | Improper Input Validation vulnerability in multiple products A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | 6.5 |