This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2013-09-30
Product Fedora Last view 2020-02-17
Version 20 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2020-02-17 CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

7.5 2020-02-05 CVE-2010-5304

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

7.5 2020-01-28 CVE-2014-2581

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

5.9 2020-01-28 CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

9.8 2020-01-24 CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

4.3 2019-12-03 CVE-2013-4411

Review Board: URL processing gives unauthorized users access to review lists

7.5 2019-12-02 CVE-2013-4410

ReviewBoard: has an access-control problem in REST API

7.5 2019-12-02 CVE-2012-4428

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

6.1 2019-11-21 CVE-2015-2793

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

5.5 2019-11-18 CVE-2014-5118

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

7.5 2019-11-15 CVE-2014-0021

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

5.9 2019-11-05 CVE-2013-5123

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

9.8 2019-11-04 CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

7.8 2019-11-04 CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

6.5 2018-04-10 CVE-2014-1400

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.

6.5 2018-04-10 CVE-2014-1399

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

6.5 2018-04-10 CVE-2014-1398

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.

7.8 2018-03-08 CVE-2014-7272

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).

7.8 2018-03-08 CVE-2014-7271

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.

9.8 2018-02-01 CVE-2014-3005

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

5.5 2018-01-08 CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

7.5 2017-12-29 CVE-2014-8119

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

6.5 2017-10-10 CVE-2014-9092

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

5.9 2017-09-19 CVE-2015-3420

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

7.5 2017-08-25 CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
21% (31) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (11) CWE-20 Improper Input Validation
6% (9) CWE-264 Permissions, Privileges, and Access Controls
5% (8) CWE-200 Information Exposure
4% (6) CWE-416 Use After Free
4% (6) CWE-310 Cryptographic Issues
4% (6) CWE-189 Numeric Errors
4% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (5) CWE-399 Resource Management Errors
3% (5) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (4) CWE-787 Out-of-bounds Write
2% (4) CWE-476 NULL Pointer Dereference
2% (4) CWE-287 Improper Authentication
2% (4) CWE-125 Out-of-bounds Read
2% (4) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
2% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (3) CWE-362 Race Condition
2% (3) CWE-284 Access Control (Authorization) Issues
2% (3) CWE-17 Code
1% (2) CWE-611 Information Leak Through XML External Entity File Disclosure
1% (2) CWE-522 Insufficiently Protected Credentials
1% (2) CWE-326 Inadequate Encryption Strength
1% (2) CWE-269 Improper Privilege Management
1% (2) CWE-190 Integer Overflow or Wraparound
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')

ExploitDB Exploits

id Description
32998 Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
32791 Heartbleed OpenSSL - Information Leak Exploit (1)
32764 OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ...
32745 OpenSSL TLS Heartbeat Extension - Memory Disclosure

OpenVAS Exploits

id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-A-0113 Multiple Vulnerabilities in Juniper Networks CTPOS
Severity: Category I - VMSKEY: V0060737
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2014-B-0103 Multiple Vulnerabilities in VMware Horizon View Client
Severity: Category I - VMSKEY: V0053509
2014-B-0102 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity: Category I - VMSKEY: V0053507
2014-B-0101 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity: Category I - VMSKEY: V0053505
2014-A-0115 Multiple Vulnerabilities in VMware Horizon View
Severity: Category I - VMSKEY: V0053501
2014-B-0097 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0053319
2014-A-0109 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0053183
2014-B-0095 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0053177
2014-A-0111 Multiple Vulnerabilities in VMware Workstation
Severity: Category I - VMSKEY: V0053179
2014-A-0110 Multiple Vulnerabilities in VMware Player
Severity: Category I - VMSKEY: V0053181
2014-A-0103 Multiple Vulnerabilities in Oracle E-Business
Severity: Category I - VMSKEY: V0053195
2014-B-0088 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0052911
2014-B-0089 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0052909
2014-B-0091 Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity: Category I - VMSKEY: V0052907
2014-B-0084 HP Onboard Administrator Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0052901
2014-B-0085 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0052899
2014-B-0092 Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity: Category I - VMSKEY: V0052893
2014-A-0089 Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity: Category I - VMSKEY: V0052805
2014-A-0087 Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity: Category I - VMSKEY: V0052637
2014-B-0079 Multiple Vulnerabilities in IBM AIX
Severity: Category I - VMSKEY: V0052641
2014-B-0078 Multiple Vulnerabilities in Blue Coat ProxySG
Severity: Category I - VMSKEY: V0052639

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-21 OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt
RuleID : 52487 - Type : SERVER-OTHER - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41905 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41904 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41903 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41852 - Type : PROTOCOL-DNS - Revision : 2
2014-12-18 SSLv3 CBC client connection attempt
RuleID : 32566 - Type : POLICY-OTHER - Revision : 2
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Type : SERVER-OTHER - Revision : 5
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Type : SERVER-OTHER - Revision : 5
2014-11-16 OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31484 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31483 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31482 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31481 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31480 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31479 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31478 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31477 - Type : SERVER-OTHER - Revision : 3
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30784-community - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02915.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02917.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02918.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02919.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02920.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ03121.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ03273.nasl - Type: ACT_GATHER_INFO
2017-12-07 Name: The remote host is potentially affected by an SSL/TLS vulnerability.
File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO
2017-11-30 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3114-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_b95e5674b4d611e7b8950cc47a494882.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1171.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1172.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_libtasn1_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3367-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote database server is affected by multiple vulnerabilities.
File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-05.nasl - Type: ACT_GATHER_INFO
2017-07-05 Name: The remote Debian host is missing a security update.
File: debian_DLA-1010.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1038.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-459.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO
2017-03-08 Name: The remote web server hosts a job scheduling and management system that is af...
File: jenkins_security_advisory_2017-02-01.nasl - Type: ACT_GATHER_INFO
2017-03-06 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_5ed094a0015011e7ae1b002590263bf5.nasl - Type: ACT_GATHER_INFO