Vulnerabilities > Canonical > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2014-1427 Cross-site Scripting vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting.
network
canonical CWE-79
4.3
2019-04-22 CVE-2014-1426 Improper Input Validation vulnerability in Canonical Metal AS A Service 1.9.0/1.9.1
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file.
network
low complexity
canonical CWE-20
5.0
2019-04-22 CVE-2011-3151 Protection Mechanism Failure vulnerability in Canonical Selinux
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory.
network
canonical CWE-693
5.8
2019-04-18 CVE-2018-16878 Resource Exhaustion vulnerability in multiple products
A flaw was found in pacemaker up to and including version 2.0.1.
5.5
2019-04-18 CVE-2019-11035 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp CWE-119
6.4
2019-04-18 CVE-2019-11034 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp CWE-119
6.4
2019-04-11 CVE-2019-9628 Improper Handling of Exceptional Conditions vulnerability in multiple products
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class.
network
low complexity
xmltooling-project canonical opensuse CWE-755
5.0
2019-04-11 CVE-2019-3460 Improper Input Validation vulnerability in multiple products
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
6.5
2019-04-11 CVE-2019-3459 Out-of-bounds Read vulnerability in multiple products
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
6.5
2019-04-09 CVE-2019-3887 Incorrect Authorization vulnerability in multiple products
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled.
local
high complexity
linux fedoraproject canonical redhat CWE-863
5.6