Vulnerabilities > Canonical > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-04-22 | CVE-2014-1427 | Cross-site Scripting vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1 | A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. | 4.3 |
2019-04-22 | CVE-2014-1426 | Improper Input Validation vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1 | A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. | 5.0 |
2019-04-22 | CVE-2011-3151 | Protection Mechanism Failure vulnerability in Canonical Selinux | The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. | 5.8 |
2019-04-18 | CVE-2018-16878 | Resource Exhaustion vulnerability in multiple products | A flaw was found in pacemaker up to and including version 2.0.1. | 5.5 |
2019-04-18 | CVE-2019-11035 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. | 6.4 |
2019-04-18 | CVE-2019-11034 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. | 6.4 |
2019-04-11 | CVE-2019-9628 | Improper Handling of Exceptional Conditions vulnerability in multiple products | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. | 5.0 |
2019-04-11 | CVE-2019-3460 | Improper Input Validation vulnerability in multiple products | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | 6.5 |
2019-04-11 | CVE-2019-3459 | Out-of-bounds Read vulnerability in multiple products | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | 6.5 |
2019-04-09 | CVE-2019-3887 | Incorrect Authorization vulnerability in multiple products | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. | 5.6 |