This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Fedoraproject
First view : 2015-01-21
Product : Fedora
Last view : 2020-02-19
Version : 23
Type : Os
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2020-02-19 CVE-2015-7747

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.

3.3 2020-02-06 CVE-2016-1544

nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

3.5 2020-01-31 CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

6.5 2020-01-23 CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5 2020-01-23 CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

2.5 2019-11-27 CVE-2016-4980

A password generation weakness exists in xquest through 2016-06-13.

6.1 2019-11-27 CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

7.5 2017-12-29 CVE-2015-8008

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

9.8 2017-10-16 CVE-2015-7687

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

5.3 2017-08-24 CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

8.8 2017-08-22 CVE-2015-5258

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

9.8 2017-08-09 CVE-2015-6816

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

5.5 2017-08-02 CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5 2017-07-25 CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

7.5 2017-07-21 CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5 2017-07-21 CVE-2015-5195

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5 2017-06-13 CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

9.8 2017-04-21 CVE-2016-2173

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

8.1 2017-04-21 CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157.

8.8 2017-04-21 CVE-2016-0720

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

7.8 2017-04-14 CVE-2016-6299

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

7.7 2017-04-13 CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

5.3 2017-04-13 CVE-2015-1839

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

5.3 2017-04-13 CVE-2015-1838

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
17% (27) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (20) CWE-20 Improper Input Validation
10% (17) CWE-200 Information Exposure
6% (10) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (9) CWE-284 Access Control (Authorization) Issues
5% (8) CWE-189 Numeric Errors
3% (6) CWE-264 Permissions, Privileges, and Access Controls
3% (5) CWE-476 NULL Pointer Dereference
3% (5) CWE-399 Resource Management Errors
2% (4) CWE-254 Security Features
2% (4) CWE-190 Integer Overflow or Wraparound
2% (4) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (3) CWE-416 Use After Free
1% (3) CWE-125 Out-of-bounds Read
1% (3) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (3) CWE-19 Data Handling
1% (2) CWE-787 Out-of-bounds Write
1% (2) CWE-415 Double Free
1% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (2) CWE-369 Divide By Zero
1% (2) CWE-352 Cross-Site Request Forgery (CSRF)
1% (2) CWE-310 Cryptographic Issues
1% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-704 Incorrect Type Conversion or Cast
0% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Snort® IPS/IDS

Date Description
2018-05-15 Apache ActiveMQ JMS ObjectMessage deserialization attempt
RuleID : 46304 - Type : SERVER-OTHER - Revision : 2
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2
2016-03-24 7zip HFS+ handling heap buffer overflow attempt
RuleID : 38324 - Type : FILE-OTHER - Revision : 5
2016-03-24 7zip HFS+ handling heap buffer overflow attempt
RuleID : 38323 - Type : FILE-OTHER - Revision : 5
2015-10-09 Libgraphite context item handling arbitrary code execution attempt
RuleID : 36388 - Type : FILE-OTHER - Revision : 3
2015-10-09 Libgraphite context item handling arbitrary code execution attempt
RuleID : 36387 - Type : FILE-OTHER - Revision : 3
2015-10-09 SIL LibGraphite BracketPairStack out of bounds access exploit attempt
RuleID : 36386 - Type : FILE-OTHER - Revision : 3
2015-10-09 SIL LibGraphite BracketPairStack out of bounds access exploit attempt
RuleID : 36385 - Type : FILE-OTHER - Revision : 3
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36228 - Type : FILE-OTHER - Revision : 4
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36227 - Type : FILE-OTHER - Revision : 4
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36226 - Type : FILE-OTHER - Revision : 5
2015-09-29 Libgraphite empty feature list denial of service attempt
RuleID : 36225 - Type : FILE-OTHER - Revision : 5
2015-09-29 libgraphite TTF opcode handling out of bounds read attempt
RuleID : 36217 - Type : FILE-OTHER - Revision : 3
2015-09-29 libgraphite TTF opcode handling out of bounds read attempt
RuleID : 36216 - Type : FILE-OTHER - Revision : 3
2015-09-29 Libgraphite LocaLookup out-of-bounds read attempt
RuleID : 36213 - Type : FILE-OTHER - Revision : 6
2015-09-29 Libgraphite LocaLookup out-of-bounds read attempt
RuleID : 36212 - Type : FILE-OTHER - Revision : 6

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-924da855e1.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1568.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1344.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0012.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0003.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0009.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO
2018-06-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1403.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-10.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4fb7cdd27f.nasl - Type: ACT_GATHER_INFO
2018-01-03 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17114.nasl - Type: ACT_GATHER_INFO
2017-12-28 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL73705133.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL31211252.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2017-004.nasl - Type: ACT_GATHER_INFO
2017-11-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4013.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote host is affected by multiple vulnerabilities.
File: oracle_bi_publisher_oct_2017_cpu.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote VMware ESXi 6.0 host is affected by multiple vulnerabilities.
File: vmware_esxi_6_0_build_5485776_remote.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2522-1.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1199.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1200.nasl - Type: ACT_GATHER_INFO