Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1427 | 1 Canonical | 1 Metal As A Service | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | |||||
CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||
CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
CVE-2015-1320 | 1 Canonical | 1 Metal As A Service | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. |