20 matches found
EUVD-2014-1504
Malware in sbrugna...
EUVD-2014-1502
Malware in sbrugna...
EUVD-2014-1503
Malware in sbrugna...
EUVD-2015-1461
Malware in sbrugna...
CVE-2015-1320
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2...
Design/Logic Flaw
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2...
UBUNTU-CVE-2014-1428
A vulnerability in generatefilestoragekey of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2...
Cross site scripting
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...
Design/Logic Flaw
A vulnerability in maasserver.api.getfilebyname of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2...
CVE-2015-1320
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2...
CVE-2014-1427 MAAS API vulnerable to CSRF attack
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...
CVE-2014-1428
The CVE-2014-1428 entry concerns Ubuntu MAAS and the generate_filestorage_key function. Affected: MAAS versions prior to 1.9.2. Issue: vulnerability that allows an attacker to brute-force filenames due to flaws in key/identifier generation. Impact details are limited to the described statment; ex...
CVE-2015-1320 Probe-and-enlist for SeaMicro chassis writes password to the log
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2...
CVE-2014-1428 uuid.uuid1() is not suitable as an unguessable identifier/token
A vulnerability in generatefilestoragekey of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2...
CVE-2015-1320
The CVE describes a credential disclosure issue in the SeaMicro provisioning used by Ubuntu MAAS: credentials (username and password) are logged by the management interface. Affected are MAAS versions before 1.9.2. This is tied to the SeaMicro provisioning flow and exposes sensitive data via logs...
CVE-2014-1426
CVE-2014-1426 concerns a vulnerability in MAAS (Ubuntu MAAS) where maasserver.api.get_file_by_name can be abused by unauthenticated network clients to download arbitrary files. Affected: MAAS versions prior to 1.9.2. The underlying issue is not fully detailed in the provided documents, but the im...
CVE-2013-1070
Cross-site scripting XSS vulnerability in the API in Ubuntu Metal as a Service MaaS 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/...
Cross site scripting
Cross-site scripting XSS vulnerability in the API in Ubuntu Metal as a Service MaaS 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/...
CVE-2013-1069
Ubuntu Metal as a Service MaaS 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file...
CVE-2013-1070
Cross-site scripting XSS vulnerability in the API in Ubuntu Metal as a Service MaaS 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/...