This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-09
Product Fedora Last view 2020-12-08
Version 31 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
3.3 2020-12-08 CVE-2020-27818

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
7.5 2020-11-06 CVE-2020-28196

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
6.5 2020-11-03 CVE-2020-6557

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
8.8 2020-11-03 CVE-2020-16003

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 2020-11-03 CVE-2020-16002

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
8.8 2020-11-03 CVE-2020-16001

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 2020-11-03 CVE-2020-16000

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5 2020-11-03 CVE-2020-15999

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15992

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15991

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15990

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
5.5 2020-11-03 CVE-2020-15989

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
8.8 2020-11-03 CVE-2020-15987

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
6.5 2020-11-03 CVE-2020-15986

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5 2020-11-03 CVE-2020-15985

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
7.8 2020-11-03 CVE-2020-15983

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
6.5 2020-11-03 CVE-2020-15982

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
6.5 2020-11-03 CVE-2020-15981

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15979

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15975

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15974

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
6.5 2020-11-03 CVE-2020-15973

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
8.8 2020-11-03 CVE-2020-15972

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15971

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
8.8 2020-11-03 CVE-2020-15970

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
15% (74) CWE-787 Out-of-bounds Write
11% (56) CWE-125 Out-of-bounds Read
10% (48) CWE-416 Use After Free
4% (23) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
3% (15) CWE-190 Integer Overflow or Wraparound
2% (14) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (13) CWE-362 Race Condition
2% (13) CWE-20 Improper Input Validation
2% (12) CWE-476 NULL Pointer Dereference
2% (12) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (9) CWE-502 Deserialization of Untrusted Data
1% (9) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (9) CWE-276 Incorrect Default Permissions
1% (9) CWE-203 Information Exposure Through Discrepancy
1% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
1% (8) CWE-674 Uncontrolled Recursion
1% (8) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (8) CWE-200 Information Exposure
1% (7) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (6) CWE-295 Certificate Issues
1% (5) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (5) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (5) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (4) CWE-770 Allocation of Resources Without Limits or Throttling
0% (4) CWE-755 Improper Handling of Exceptional Conditions

SAINT Exploits

Description Link
netkit telnetd nextitem vulnerability More info here

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-02-02 Grafana Labs Grafana denial of service attempt
RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2020-09-02 Google Chrome ReadableStream out of bounds read attempt
RuleID : 54623 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome ReadableStream out of bounds read attempt
RuleID : 54622 - Type : BROWSER-CHROME - Revision : 1
2020-07-29 netkit-telnet server memory corruption attempt
RuleID : 54389 - Type : PROTOCOL-TELNET - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53506 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53505 - Type : SERVER-WEBAPP - Revision : 3
2020-03-31 Google Chrome V8 Turbofan Array pop type confusion attempt
RuleID : 53343 - Type : BROWSER-CHROME - Revision : 1
2020-03-31 Google Chrome V8 Turbofan Array pop type confusion attempt
RuleID : 53342 - Type : BROWSER-CHROME - Revision : 1
2020-02-26 Apache Tomcat AJP connector arbitrary file access attempt
RuleID : 53341-community - Type : SERVER-APACHE - Revision : 2
2020-03-31 Apache Tomcat AJP connector arbitrary file access attempt
RuleID : 53341 - Type : SERVER-APACHE - Revision : 2
2020-03-19 RabbitMQ X-Reason HTTP header denial-of-service attempt
RuleID : 53109 - Type : SERVER-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2020-0985 attack attempt
RuleID : 53045 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2020-0984 attack attempt
RuleID : 53044 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52571 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1444.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3050.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1120.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1560.nasl - Type: ACT_GATHER_INFO
2018-01-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4088.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3418-1.nasl - Type: ACT_GATHER_INFO
2017-09-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201709-08.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1024.nasl - Type: ACT_GATHER_INFO
2017-09-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2381-1.nasl - Type: ACT_GATHER_INFO