This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2014-05-21
Product Fedora Last view 2020-02-20
Version 21 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-02-20 CVE-2015-4411

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

7.5 2020-02-20 CVE-2015-4410

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

9.8 2020-02-17 CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

7.5 2020-02-05 CVE-2010-5304

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

3.5 2020-01-31 CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

6.5 2020-01-23 CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5 2020-01-23 CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

6.1 2019-11-21 CVE-2015-2793

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

5.9 2019-11-05 CVE-2013-5123

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

7.8 2018-03-08 CVE-2014-7272

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).

7.8 2018-03-08 CVE-2014-7271

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.

7.5 2017-12-29 CVE-2015-8008

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

7.5 2017-12-29 CVE-2014-8119

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

9.8 2017-10-18 CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

9.8 2017-10-18 CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

6.5 2017-10-10 CVE-2014-9092

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

3.1 2017-09-26 CVE-2015-5070

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

4.3 2017-09-26 CVE-2015-5069

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

7.8 2017-09-25 CVE-2015-5704

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

8.8 2017-09-20 CVE-2015-5607

Cross-site request forgery in the REST API in IPython 2 and 3.

5.9 2017-09-19 CVE-2015-3420

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

7.5 2017-09-06 CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

7.5 2017-08-25 CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

5.5 2017-08-25 CVE-2014-9637

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
29% (40) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (13) CWE-20 Improper Input Validation
7% (10) CWE-200 Information Exposure
6% (9) CWE-264 Permissions, Privileges, and Access Controls
5% (8) CWE-399 Resource Management Errors
5% (7) CWE-189 Numeric Errors
3% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (4) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
2% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (3) CWE-476 NULL Pointer Dereference
2% (3) CWE-287 Improper Authentication
2% (3) CWE-284 Access Control (Authorization) Issues
2% (3) CWE-125 Out-of-bounds Read
2% (3) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (3) CWE-17 Code
1% (2) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (2) CWE-19 Data Handling
0% (1) CWE-704 Incorrect Type Conversion or Cast
0% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
0% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (1) CWE-362 Race Condition
0% (1) CWE-361 Time and State
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-331 Insufficient Entropy

OpenVAS Exploits

id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0202 Citrix XenServer Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0061343
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517
2014-B-0060 Multiple Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0050897

Snort® IPS/IDS

Date Description
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41905 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41904 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41903 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 cURL and libcurl set-cookie remote code execution attempt
RuleID : 41853 - Type : OS-LINUX - Revision : 4
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41852 - Type : PROTOCOL-DNS - Revision : 2
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt
RuleID : 35766 - Type : SERVER-OTHER - Revision : 3
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt
RuleID : 35765 - Type : SERVER-OTHER - Revision : 3
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt
RuleID : 35764 - Type : SERVER-OTHER - Revision : 3
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt
RuleID : 35763 - Type : SERVER-OTHER - Revision : 3
2014-12-18 SSLv3 CBC client connection attempt
RuleID : 32566 - Type : POLICY-OTHER - Revision : 2
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Type : SERVER-OTHER - Revision : 5
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Type : SERVER-OTHER - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-05-01 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-120-01.nasl - Type: ACT_GATHER_INFO
2018-01-03 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17114.nasl - Type: ACT_GATHER_INFO
2017-12-07 Name: The remote host is potentially affected by an SSL/TLS vulnerability.
File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3492-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_b95e5674b4d611e7b8950cc47a494882.nasl - Type: ACT_GATHER_INFO
2017-10-02 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201602-03.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1171.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1172.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1179.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1180.nasl - Type: ACT_GATHER_INFO
2017-08-31 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2300-1.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2017-1871.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_libtasn1_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_tcpdump_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2017-1871.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1871.nasl - Type: ACT_GATHER_INFO
2017-07-31 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-209-01.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3367-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote database server is affected by multiple vulnerabilities.
File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO