Lucene search
+L

10 matches found

cve
cve
added 2025/12/03 3:45 p.m.18 views

CVE-2025-7044

The set of connected documents confirms a concrete vulnerability in MAAS: the user websocket handler does improper input validation, enabling an authenticated, unprivileged attacker to intercept a user.update request and inject is_superuser = true, which can grant full administrative control over...

7.7CVSS6.4AI score0.00237EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-1109

Malware in sbrugna...

2.1CVSS6.1AI score0.00379EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-1110

Malware in sbrugna...

4.3CVSS6.1AI score0.02379EPSS
Exploits1References4
cnnvd
cnnvd
added 2025/07/21 12:0 a.m.5 views

Canonical MAAS 安全漏洞

Canonical MAAS is a Canonical open source software for large-scale physical server management and automated deployment. A security vulnerability exists in Canonical MAAS that stems from insufficient authentication and could allow an attacker to bypass authentication checks and run RPC commands...

9.8CVSS6.4AI score0.00363EPSS
Exploits1References2
cnvd
cnvd
added 2019/04/24 12:0 a.m.2 views

MAAS Cross-Site Scripting Vulnerability

Canonical Ubuntu Metal as a Service MAAS is a suite of cloud server deployment and management tools from Canonical in the UK. The tool enables centralized deployment and management of a large number of server hardware environments. A cross-site scripting vulnerability exists in the REST API in...

9.6CVSS6.4AI score0.01088EPSS
Exploits0References1
osv
osv
added 2015/09/25 6:42 p.m.5 views

USN-2746-2 simplestreams regression

USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Simple Streams did not properly perform gpg...

5.8AI score
Exploits0References2
nvd
nvd
added 2014/02/17 4:55 p.m.25 views

CVE-2013-1069

Ubuntu Metal as a Service MaaS 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file...

2.1CVSS6.2AI score0.00379EPSS
Exploits0References2
cvelist
cvelist
added 2014/02/17 4:0 p.m.28 views

CVE-2013-1070

Cross-site scripting XSS vulnerability in the API in Ubuntu Metal as a Service MaaS 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/...

5.5AI score0.02379EPSS
Exploits1References3
cvelist
cvelist
added 2014/02/17 4:0 p.m.27 views

CVE-2013-1069

Ubuntu Metal as a Service MaaS 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file...

6.2AI score0.00379EPSS
Exploits0References2
cve
cve
added 2014/02/17 4:0 p.m.65 views

CVE-2013-1070

The CVE-2013-1070 entry concerns Ubuntu MAAS (Metal as a Service) API XSS on the nodes/ op parameter in MAAS 1.2 and 1.4. The connected Ubuntu USN-2105-1 describes two issues: (1) a cross-site scripting vulnerability in the MAAS API that could allow an attacker to modify contents or steal data wi...

4.3CVSS5.6AI score0.02379EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder