This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2013-06-15
Product Fedora Last view 2020-02-17
Version 19 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2020-02-17 CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

7.5 2020-02-06 CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

7.5 2020-02-05 CVE-2010-5304

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

7.5 2020-01-28 CVE-2014-2581

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

9.8 2020-01-28 CVE-2013-1437

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

5.9 2020-01-28 CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

6.1 2020-01-02 CVE-2013-4752

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

7.5 2019-12-31 CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

7.8 2019-12-31 CVE-2013-4161

gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.

6.1 2019-12-11 CVE-2013-4158

smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)

9.8 2019-12-10 CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

4.3 2019-12-03 CVE-2013-4411

Review Board: URL processing gives unauthorized users access to review lists

7.5 2019-12-02 CVE-2013-4410

ReviewBoard: has an access-control problem in REST API

7.8 2019-11-25 CVE-2012-5617

gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

5.5 2019-11-18 CVE-2014-5118

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

7.5 2019-11-15 CVE-2014-0021

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

9.8 2019-11-04 CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

7.8 2019-11-04 CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

8.1 2019-11-01 CVE-2013-4751

php-symfony2-Validator has loss of information during serialization

6.1 2019-11-01 CVE-2013-4168

Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.

6.5 2018-04-10 CVE-2014-1400

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.

6.5 2018-04-10 CVE-2014-1399

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

6.5 2018-04-10 CVE-2014-1398

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.

7.8 2018-02-09 CVE-2014-3219

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

9.8 2018-02-01 CVE-2014-3005

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
10% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (7) CWE-416 Use After Free
8% (7) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (7) CWE-20 Improper Input Validation
7% (6) CWE-264 Permissions, Privileges, and Access Controls
5% (5) CWE-310 Cryptographic Issues
5% (5) CWE-269 Improper Privilege Management
4% (4) CWE-787 Out-of-bounds Write
3% (3) CWE-326 Inadequate Encryption Strength
3% (3) CWE-284 Access Control (Authorization) Issues
3% (3) CWE-189 Numeric Errors
2% (2) CWE-362 Race Condition
2% (2) CWE-287 Improper Authentication
2% (2) CWE-200 Information Exposure
2% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
1% (1) CWE-522 Insufficiently Protected Credentials
1% (1) CWE-476 NULL Pointer Dereference
1% (1) CWE-384 Session Fixation
1% (1) CWE-352 Cross-Site Request Forgery (CSRF)
1% (1) CWE-346 Origin Validation Error
1% (1) CWE-330 Use of Insufficiently Random Values

ExploitDB Exploits

id Description
32998 Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
32791 Heartbleed OpenSSL - Information Leak Exploit (1)
32764 OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ...
32745 OpenSSL TLS Heartbeat Extension - Memory Disclosure
27778 Samba nttrans Reply - Integer Overflow Vulnerability

OpenVAS Exploits

id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-A-0113 Multiple Vulnerabilities in Juniper Networks CTPOS
Severity: Category I - VMSKEY: V0060737
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2014-B-0103 Multiple Vulnerabilities in VMware Horizon View Client
Severity: Category I - VMSKEY: V0053509
2014-B-0102 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity: Category I - VMSKEY: V0053507
2014-B-0101 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity: Category I - VMSKEY: V0053505
2014-A-0115 Multiple Vulnerabilities in VMware Horizon View
Severity: Category I - VMSKEY: V0053501
2014-B-0097 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0053319
2014-A-0110 Multiple Vulnerabilities in VMware Player
Severity: Category I - VMSKEY: V0053181
2014-B-0095 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0053177
2014-A-0111 Multiple Vulnerabilities in VMware Workstation
Severity: Category I - VMSKEY: V0053179
2014-A-0109 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0053183
2014-A-0103 Multiple Vulnerabilities in Oracle E-Business
Severity: Category I - VMSKEY: V0053195
2014-B-0088 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0052911
2014-B-0089 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0052909
2014-B-0091 Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity: Category I - VMSKEY: V0052907
2014-B-0084 HP Onboard Administrator Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0052901
2014-B-0085 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0052899
2014-B-0092 Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity: Category I - VMSKEY: V0052893
2014-A-0089 Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity: Category I - VMSKEY: V0052805
2014-B-0080 Multiple Vulnerabilities in Stunnel
Severity: Category I - VMSKEY: V0052627
2014-B-0079 Multiple Vulnerabilities in IBM AIX
Severity: Category I - VMSKEY: V0052641
2014-B-0078 Multiple Vulnerabilities in Blue Coat ProxySG
Severity: Category I - VMSKEY: V0052639

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-21 OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt
RuleID : 52487 - Type : SERVER-OTHER - Revision : 1
2017-12-19 ISC BIND 9 DNS rdata length handling remote denial of service attempt
RuleID : 44879 - Type : SERVER-OTHER - Revision : 1
2014-12-18 SSLv3 CBC client connection attempt
RuleID : 32566 - Type : POLICY-OTHER - Revision : 2
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Type : SERVER-OTHER - Revision : 5
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Type : SERVER-OTHER - Revision : 5
2014-11-16 OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31484 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31483 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31482 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31481 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31480 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31479 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31478 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31477 - Type : SERVER-OTHER - Revision : 3
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30784-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30784 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30783-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30783 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-07 Name: The remote host is potentially affected by an SSL/TLS vulnerability.
File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO
2017-11-30 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3114-1.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3367-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote database server is affected by multiple vulnerabilities.
File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO
2017-04-21 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-459.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO
2017-03-06 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_5ed094a0015011e7ae1b002590263bf5.nasl - Type: ACT_GATHER_INFO
2017-02-13 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201702-05.nasl - Type: ACT_GATHER_INFO
2017-01-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-781.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type: ACT_GATHER_INFO
2016-12-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201612-24.nasl - Type: ACT_GATHER_INFO
2016-11-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1339.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2396-1.nasl - Type: ACT_GATHER_INFO
2016-09-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201609-02.nasl - Type: ACT_GATHER_INFO
2016-09-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2329-1.nasl - Type: ACT_GATHER_INFO
2016-09-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2285-1.nasl - Type: ACT_GATHER_INFO
2016-07-25 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: oracle_secure_global_desktop_jul_2016_cpu.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201607-11.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-11.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-12.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1457-1.nasl - Type: ACT_GATHER_INFO
2016-05-27 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2985-2.nasl - Type: ACT_GATHER_INFO
2016-05-26 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2985-1.nasl - Type: ACT_GATHER_INFO
2016-05-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16716.nasl - Type: ACT_GATHER_INFO