This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2018-06-18
Product Fedora Last view 2021-02-06
Version 29 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.9 2021-02-06 CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

9.8 2019-11-16 CVE-2019-19010

Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.

8.8 2019-11-15 CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

4.9 2019-11-06 CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

5.4 2019-11-06 CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

6.5 2019-11-06 CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

9.8 2019-10-21 CVE-2019-18218

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

7.5 2019-10-03 CVE-2019-15166

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

7.5 2019-10-03 CVE-2018-16451

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

7.5 2019-10-03 CVE-2018-16230

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

7.5 2019-10-03 CVE-2018-16229

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

7.5 2019-10-03 CVE-2018-16228

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

7.5 2019-10-03 CVE-2018-16227

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

7.5 2019-10-03 CVE-2018-14882

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

7.5 2019-10-03 CVE-2018-14881

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

7.5 2019-10-03 CVE-2018-14880

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

7 2019-10-03 CVE-2018-14879

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

7.5 2019-10-03 CVE-2018-14470

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

7.5 2019-10-03 CVE-2018-14469

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

7.5 2019-10-03 CVE-2018-14468

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

7.5 2019-10-03 CVE-2018-14467

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

7.5 2019-10-03 CVE-2018-14466

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

7.5 2019-10-03 CVE-2018-14465

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

7.5 2019-10-03 CVE-2018-14464

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

7.5 2019-10-03 CVE-2018-14463

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
23% (41) CWE-125 Out-of-bounds Read
10% (19) CWE-787 Out-of-bounds Write
6% (12) CWE-476 NULL Pointer Dereference
6% (11) CWE-416 Use After Free
6% (11) CWE-20 Improper Input Validation
5% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (5) CWE-287 Improper Authentication
2% (5) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (4) CWE-502 Deserialization of Untrusted Data
2% (4) CWE-362 Race Condition
1% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (3) CWE-346 Origin Validation Error
1% (3) CWE-190 Integer Overflow or Wraparound
1% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (2) CWE-770 Allocation of Resources Without Limits or Throttling
1% (2) CWE-674 Uncontrolled Recursion
1% (2) CWE-617 Reachable Assertion
1% (2) CWE-611 Information Leak Through XML External Entity File Disclosure
1% (2) CWE-330 Use of Insufficiently Random Values
1% (2) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (2) CWE-269 Improper Privilege Management
1% (2) CWE-200 Information Exposure
1% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
0% (1) CWE-755 Improper Handling of Exceptional Conditions

Snort® IPS/IDS

Date Description
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52039 - Type : SERVER-OTHER - Revision : 1
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52038 - Type : SERVER-OTHER - Revision : 1
2019-07-23 TYPO3 PharStreamWrapper Package directory traversal attempt
RuleID : 50491 - Type : SERVER-WEBAPP - Revision : 1
2019-07-23 TYPO3 PharStreamWrapper Package directory traversal attempt
RuleID : 50490 - Type : SERVER-WEBAPP - Revision : 1
2019-03-19 Multiple products runc arbitrary code execution attempt
RuleID : 49195 - Type : SERVER-OTHER - Revision : 2
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49086 - Type : FILE-OTHER - Revision : 1
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49085 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_383931ba181811e992ea448a5b29e8a9.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1140.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5f91054677.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-166b220ff1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f6b7df660d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c3a2174314.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-99ff4c8f80.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-87f2ace20d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7eae87ec86.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-060302dc83.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4360.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1612.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1108.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3041.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-1547.nasl - Type: ACT_GATHER_INFO
2018-10-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4307.nasl - Type: ACT_GATHER_INFO
2018-09-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4306.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1520.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1519.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0086.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0178.nasl - Type: ACT_GATHER_INFO