This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Fedoraproject
Product: Fedora
Version: 24
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 2015-06-17
Last view: 2019-11-06
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.1 2019-11-06 CVE-2016-1000037

Pagure: XSS possible in file attachment endpoint

9.8 2019-11-04 CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

7.5 2017-12-05 CVE-2016-1254

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

8.8 2017-08-23 CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

5.5 2017-08-02 CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5 2017-07-25 CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

7.5 2017-06-27 CVE-2016-6342

elog 3.1.1 allows remote attackers to post data as any username in the logbook.

7.5 2017-06-13 CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

7.5 2017-06-13 CVE-2016-3704

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.

5.5 2017-06-13 CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.

5.5 2017-06-08 CVE-2016-3095

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.

9.8 2017-06-06 CVE-2016-9961

game-music-emu before 0.6.1 mishandles unspecified integer values.

5.5 2017-06-06 CVE-2016-9960

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

8.8 2017-06-01 CVE-2017-8386

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

9.8 2017-05-23 CVE-2016-5178

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8 2017-05-23 CVE-2016-5177

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

9.8 2017-04-21 CVE-2016-2173

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

7.8 2017-04-14 CVE-2016-6299

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

5.5 2017-03-28 CVE-2016-8884

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.

7.5 2017-03-27 CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

5.5 2017-03-23 CVE-2016-8887

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

5.9 2017-03-23 CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

5.5 2017-03-15 CVE-2017-5849

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.

7.5 2017-03-03 CVE-2016-7972

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

7.5 2017-03-03 CVE-2016-7970

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

CWE : Common Weakness Enumeration

% id Name
15% (17) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (16) CWE-20 Improper Input Validation
9% (10) CWE-284 Access Control (Authorization) Issues
8% (9) CWE-190 Integer Overflow or Wraparound
7% (8) CWE-200 Information Exposure
6% (7) CWE-787 Out-of-bounds Write
6% (7) CWE-125 Out-of-bounds Read
4% (5) CWE-476 NULL Pointer Dereference
3% (4) CWE-264 Permissions, Privileges, and Access Controls
3% (4) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
2% (3) CWE-416 Use After Free
2% (3) CWE-399 Resource Management Errors
2% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (2) CWE-415 Double Free
1% (2) CWE-369 Divide By Zero
0% (1) CWE-798 Use of Hard-coded Credentials
0% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (1) CWE-326 Inadequate Encryption Strength
0% (1) CWE-310 Cryptographic Issues
0% (1) CWE-276 Incorrect Default Permissions
0% (1) CWE-275 Permission Issues
0% (1) CWE-255 Credentials Management
0% (1) CWE-189 Numeric Errors
0% (1) CWE-134 Uncontrolled Format String
0% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Snort® IPS/IDS

Date Description
2017-11-07 Supervisord remote code execution attempt
RuleID : 44483 - Type : SERVER-OTHER - Revision : 2
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2
2016-03-24 7zip HFS+ handling heap buffer overflow attempt
RuleID : 38324 - Type : FILE-OTHER - Revision : 5
2016-03-24 7zip HFS+ handling heap buffer overflow attempt
RuleID : 38323 - Type : FILE-OTHER - Revision : 5

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-924da855e1.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1377.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1568.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0003.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0009.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0026.nasl - Type: ACT_GATHER_INFO
2018-06-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1403.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1168.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-10.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4fb7cdd27f.nasl - Type: ACT_GATHER_INFO
2017-12-28 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL73705133.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2017-004.nasl - Type: ACT_GATHER_INFO
2017-11-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4013.nasl - Type: ACT_GATHER_INFO
2017-10-04 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_6ed5c5e3a84011e7b5afa4badb2f4699.nasl - Type: ACT_GATHER_INFO
2017-10-04 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3437-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2522-1.nasl - Type: ACT_GATHER_INFO
2017-09-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201709-06.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-251-01.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1163.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1164.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1187.nasl - Type: ACT_GATHER_INFO