Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 17 results


CVE-2022-48197

Medium priority
Needs evaluation

** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE:...

3 affected packages

maas, yui, yui3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not in release Not affected Not affected Not affected
yui Not in release Not in release Not in release Needs evaluation
yui3 Not in release Not affected Not affected Not affected
Show less packages

CVE-2012-2092

Medium priority

Some fixes available 3 of 4

A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.

2 affected packages

cobbler, maas-provision

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler
maas-provision
Show less packages

CVE-2015-1320

Medium priority
Ignored

The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.

1 affected packages

maas

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not affected
Show less packages

CVE-2014-1428

Medium priority
Ignored

A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.

1 affected packages

maas

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not affected
Show less packages

CVE-2014-1427

Medium priority
Ignored

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

1 affected packages

maas

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not affected
Show less packages

CVE-2014-1426

Medium priority
Ignored

A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.

1 affected packages

maas

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not affected
Show less packages

CVE-2016-9605

Medium priority
Ignored

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL...

2 affected packages

cobbler, maas-provision

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Not in release Not in release Not in release Not affected
maas-provision Not in release Not in release Not in release Not in release
Show less packages

CVE-2014-3225

Medium priority

Some fixes available 1 of 10

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

2 affected packages

cobbler, maas-provision

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Not in release Not in release Not in release Fixed
maas-provision Not in release Not in release Not in release Not in release
Show less packages

CVE-2013-1069

Medium priority

Some fixes available 3 of 4

Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.

1 affected packages

maas

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas
Show less packages

CVE-2013-1070

Medium priority
Fixed

Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.

1 affected packages

maas

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas
Show less packages