This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2014-05-21
Product Fedora Last view 2020-02-20
Version 22 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-02-20 CVE-2015-4411

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

7.5 2020-02-20 CVE-2015-4410

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

3.3 2020-02-06 CVE-2016-1544

nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

3.5 2020-01-31 CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

6.5 2020-01-23 CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5 2020-01-23 CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

6.1 2019-11-21 CVE-2015-2793

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

7.5 2017-12-29 CVE-2015-8008

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

7.5 2017-12-29 CVE-2014-8119

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

5.5 2017-12-29 CVE-2014-4978

The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.

9.8 2017-10-18 CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

9.8 2017-10-18 CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

9.8 2017-10-16 CVE-2015-7687

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

3.1 2017-09-26 CVE-2015-5070

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

4.3 2017-09-26 CVE-2015-5069

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

7.8 2017-09-25 CVE-2015-5704

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

8.8 2017-09-20 CVE-2015-5607

Cross-site request forgery in the REST API in IPython 2 and 3.

5.9 2017-09-19 CVE-2015-3420

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

7.5 2017-09-19 CVE-2015-1854

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

7.5 2017-09-06 CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

5.3 2017-08-24 CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

7.5 2017-08-11 CVE-2015-1783

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

9.8 2017-08-09 CVE-2015-6816

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
17% (30) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (29) CWE-200 Information Exposure
13% (23) CWE-20 Improper Input Validation
7% (13) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (11) CWE-189 Numeric Errors
5% (9) CWE-399 Resource Management Errors
5% (9) CWE-264 Permissions, Privileges, and Access Controls
4% (7) CWE-284 Access Control (Authorization) Issues
2% (5) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (4) CWE-254 Security Features
1% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (3) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
1% (2) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (2) CWE-352 Cross-Site Request Forgery (CSRF)
1% (2) CWE-287 Improper Authentication
1% (2) CWE-190 Integer Overflow or Wraparound
1% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (2) CWE-19 Data Handling
1% (2) CWE-17 Code
0% (1) CWE-704 Incorrect Type Conversion or Cast
0% (1) CWE-416 Use After Free
0% (1) CWE-384 Session Fixation
0% (1) CWE-362 Race Condition
0% (1) CWE-361 Time and State

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0202 Citrix XenServer Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0061343
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2014-B-0060 Multiple Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0050897

Snort® IPS/IDS

Date Description
2018-05-15 Apache ActiveMQ JMS ObjectMessage deserialization attempt
RuleID : 46304 - Type : SERVER-OTHER - Revision : 2
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41905 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41904 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41903 - Type : PROTOCOL-DNS - Revision : 1
2017-04-12 cURL and libcurl set-cookie remote code execution attempt
RuleID : 41853 - Type : OS-LINUX - Revision : 4
2017-04-12 PowerDNS name compression pointer loop denial of service attempt
RuleID : 41852 - Type : PROTOCOL-DNS - Revision : 2
2015-10-09 Libgraphite context item handling arbitrary code execution attempt
RuleID : 36388 - Type : FILE-OTHER - Revision : 3
2015-10-09 Libgraphite context item handling arbitrary code execution attempt
RuleID : 36387 - Type : FILE-OTHER - Revision : 3
2015-10-09 SIL LibGraphite BracketPairStack out of bounds access exploit attempt
RuleID : 36386 - Type : FILE-OTHER - Revision : 3
2015-10-09 SIL LibGraphite BracketPairStack out of bounds access exploit attempt
RuleID : 36385 - Type : FILE-OTHER - Revision : 3
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36228 - Type : FILE-OTHER - Revision : 4
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36227 - Type : FILE-OTHER - Revision : 4
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36226 - Type : FILE-OTHER - Revision : 5
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36225 - Type : FILE-OTHER - Revision : 5
2015-09-29 libgraphite TTF opcode handling out of bounds read attempt
RuleID : 36217 - Type : FILE-OTHER - Revision : 3
2015-09-29 libgraphite TTF opcode handling out of bounds read attempt
RuleID : 36216 - Type : FILE-OTHER - Revision : 3
2015-09-29 Libgraphite LocaLookup out-of-bounds read attempt
RuleID : 36213 - Type : FILE-OTHER - Revision : 6
2015-09-29 Libgraphite LocaLookup out-of-bounds read attempt
RuleID : 36212 - Type : FILE-OTHER - Revision : 6
2015-06-17 PHP zip_cdir_new function integer overflow file download attempt
RuleID : 34376 - Type : SERVER-OTHER - Revision : 3
2015-06-17 PHP zip_cdir_new function integer overflow file download attempt
RuleID : 34375 - Type : SERVER-OTHER - Revision : 3
2015-06-17 PHP zip_cdir_new function integer overflow file download attempt
RuleID : 34374 - Type : SERVER-OTHER - Revision : 3
2015-06-17 PHP zip_cdir_new function integer overflow file download attempt
RuleID : 34373 - Type : SERVER-OTHER - Revision : 3
2015-05-28 PHP zip_cdir_new function integer overflow file upload attempt
RuleID : 34239 - Type : SERVER-OTHER - Revision : 4
2015-05-28 PHP zip_cdir_new function integer overflow file upload attempt
RuleID : 34238 - Type : SERVER-OTHER - Revision : 4
2015-04-14 Eclipse Foundation Jetty HttpParser information disclosure attempt
RuleID : 33813 - Type : SERVER-WEBAPP - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1428.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1167.nasl - Type: ACT_GATHER_INFO
2018-01-03 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17114.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_b95e5674b4d611e7b8950cc47a494882.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote host is affected by multiple vulnerabilities.
File: oracle_bi_publisher_oct_2017_cpu.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2522-1.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1171.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1172.nasl - Type: ACT_GATHER_INFO
2017-09-06 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1010.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-994.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_libtasn1_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-07-31 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-209-01.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-18.nasl - Type: ACT_GATHER_INFO
2017-05-12 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL43267483.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2016-1004.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2016-1005.nasl - Type: ACT_GATHER_INFO