CVE-2015-1320
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Source: CVE-2015-1320
CVE-2015-1326
In python-dbusmock before version 0.15.1, the AddTemplate() D-Bus method call or the DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
Source: CVE-2015-1326
CVE-2015-1327
The DBUS API of Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 only requires a file path for a content item; it doesn't actually require that the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd, which would then send a copy of that file to another app.
Source: CVE-2015-1327
CVE-2015-1340
In LXD before version 0.19-0ubuntu5, doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker’s choice.
Source: CVE-2015-1340
CVE-2015-1341
In Apport before 2.19.2, the function _python_module_path allows any Python module in sys.path to be imported if the command line of the process triggering the coredump is Python and the first argument is -m.
Source: CVE-2015-1341
CVE-2014-1428
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Source: CVE-2014-1428
CVE-2019-11452
whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection.
Source: CVE-2019-11452
CVE-2019-11244
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
Source: CVE-2019-11244
CVE-2019-11243
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig().
Source: CVE-2019-11243
CVE-2019-11450
whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection.
Source: CVE-2019-11450