Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-2566 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). | 4.0 |
| 2019-04-23 | CVE-2019-7303 | Unspecified vulnerability in Canonical Snapd and Ubuntu Linux A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. | 5.0 |
| 2019-04-23 | CVE-2019-11474 | Incorrect Calculation vulnerability in multiple products coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | 6.5 |
| 2019-04-22 | CVE-2019-11459 | Use of Uninitialized Resource vulnerability in multiple products The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 |
| 2019-04-22 | CVE-2019-11454 | Cross-site Scripting vulnerability in multiple products Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. | 6.1 |
| 2019-04-22 | CVE-2015-1343 | Information Exposure Through Log Files vulnerability in Canonical Ubuntu Linux 15.10 All versions of unity-scope-gdrive logs search terms to syslog. | 5.0 |
| 2019-04-22 | CVE-2015-1327 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 15.04 Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. | 4.3 |
| 2019-04-22 | CVE-2015-1320 | Credentials Management vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1 The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. | 5.0 |
| 2019-04-22 | CVE-2015-1316 | Key Management Errors vulnerability in Canonical Juju Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key. | 5.0 |
| 2019-04-22 | CVE-2014-1428 | 7PK - Security Features vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1 A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. | 5.0 |