This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2018-06-18
Product Fedora Last view 2019-11-16
Version 29 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2019-11-16 CVE-2019-19010

Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.

8.8 2019-11-15 CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

4.9 2019-11-06 CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

5.4 2019-11-06 CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

6.5 2019-11-06 CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

7.5 2019-10-03 CVE-2019-15166

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

7.5 2019-10-03 CVE-2018-16451

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

7.5 2019-10-03 CVE-2018-16230

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

7.5 2019-10-03 CVE-2018-16229

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

7.5 2019-10-03 CVE-2018-16228

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

7.5 2019-10-03 CVE-2018-16227

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

7.5 2019-10-03 CVE-2018-14882

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

7.5 2019-10-03 CVE-2018-14881

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

7.5 2019-10-03 CVE-2018-14880

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

7 2019-10-03 CVE-2018-14879

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

7.5 2019-10-03 CVE-2018-14470

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

7.5 2019-10-03 CVE-2018-14469

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

7.5 2019-10-03 CVE-2018-14468

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

7.5 2019-10-03 CVE-2018-14467

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

7.5 2019-10-03 CVE-2018-14466

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

7.5 2019-10-03 CVE-2018-14465

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

7.5 2019-10-03 CVE-2018-14464

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

7.5 2019-10-03 CVE-2018-14463

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().

7.5 2019-10-03 CVE-2018-14462

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

7.5 2019-10-03 CVE-2018-14461

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
21% (35) CWE-125 Out-of-bounds Read
11% (18) CWE-20 Improper Input Validation
9% (16) CWE-787 Out-of-bounds Write
7% (12) CWE-476 NULL Pointer Dereference
6% (11) CWE-416 Use After Free
6% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (5) CWE-287 Improper Authentication
2% (4) CWE-362 Race Condition
2% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (3) CWE-502 Deserialization of Untrusted Data
1% (3) CWE-190 Integer Overflow or Wraparound
1% (2) CWE-770 Allocation of Resources Without Limits or Throttling
1% (2) CWE-617 Reachable Assertion
1% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (2) CWE-346 Origin Validation Error
1% (2) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (2) CWE-320 Key Management Errors
1% (2) CWE-269 Improper Privilege Management
1% (2) CWE-200 Information Exposure
1% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
0% (1) CWE-755 Improper Handling of Exceptional Conditions
0% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
0% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (1) CWE-706 Use of Incorrectly-Resolved Name or Reference

Snort® IPS/IDS

Date Description
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52039 - Type : SERVER-OTHER - Revision : 1
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52038 - Type : SERVER-OTHER - Revision : 1
2019-03-19 Multiple products runc arbitrary code execution attempt
RuleID : 49195 - Type : SERVER-OTHER - Revision : 2
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49086 - Type : FILE-OTHER - Revision : 1
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49085 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_383931ba181811e992ea448a5b29e8a9.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1140.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5f91054677.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-166b220ff1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f6b7df660d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c3a2174314.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-99ff4c8f80.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-87f2ace20d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7eae87ec86.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-060302dc83.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4360.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1612.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1108.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3041.nasl - Type: ACT_GATHER_INFO
2018-10-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4307.nasl - Type: ACT_GATHER_INFO
2018-09-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4306.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1520.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1519.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0086.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0178.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote Fedora host is missing a security update.
File: fedora_2018-875afebb87.nasl - Type: ACT_GATHER_INFO