Canonical: Security Vulnerabilities
All versions of unity-scope-gdrive log search terms to syslog.
CVSS Score
2.0
EPSS Score
0.008
Published
2019-04-22
UDM provides support for running commands after a download is completed; this is currently used for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1, any confined application could use the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
CVSS Score
6.7
EPSS Score
0.008
Published
2019-04-22
In all versions of AppArmor, mount rules are accidentally widened when compiled.
CVSS Score
3.9
EPSS Score
0.01
Published
2019-04-22
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during a _viewlog operation.
CVSS Score
6.1
EPSS Score
0.024
Published
2019-04-22
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
CVSS Score
8.1
EPSS Score
0.031
Published
2019-04-22
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections, an attacker can cause a zero-byte file to be allocated on any writable filesystem.
CVSS Score
5.2
EPSS Score
0.006
Published
2019-04-22
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.
CVSS Score
8.6
EPSS Score
0.014
Published
2019-04-22
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
CVSS Score
9.6
EPSS Score
0.011
Published
2019-04-22
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
CVSS Score
2.0
EPSS Score
0.009
Published
2019-04-22
Juju Core's Joyent provider before version 1.25.5 uploads the user's private SSH key.
CVSS Score
6.4
EPSS Score
0.012
Published
2019-04-22

