This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2019-08-01
Product Fedora Last view 2020-06-15
Version 31 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-06-15 CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

3.1 2020-06-12 CVE-2020-4050

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

7.8 2020-06-09 CVE-2020-10757

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

4.3 2020-06-08 CVE-2020-10754

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

8.6 2020-06-05 CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

8.2 2020-06-05 CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

8.2 2020-06-03 CVE-2020-13379

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.

6.3 2020-05-14 CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

7.8 2020-05-11 CVE-2020-11866

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.

7.8 2020-05-11 CVE-2020-11865

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.

5.5 2020-05-11 CVE-2020-11864

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).

5.5 2020-05-11 CVE-2020-11863

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).

6.7 2020-05-09 CVE-2020-12770

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

7.5 2020-05-06 CVE-2020-10704

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

5.3 2020-05-04 CVE-2020-10700

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

7 2020-04-30 CVE-2020-12050

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

7 2020-04-29 CVE-2020-11884

In the Linux kernel through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

9.8 2020-04-27 CVE-2019-18823

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)

6.5 2020-04-22 CVE-2020-1983

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

7.5 2020-04-21 CVE-2020-11008

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.

8.8 2020-04-17 CVE-2020-11793

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

5.3 2020-03-24 CVE-2020-9359

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

9.8 2020-03-24 CVE-2020-1747

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

8.8 2020-03-23 CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-03-23 CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
17% (23) CWE-125 Out-of-bounds Read
14% (20) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
11% (15) CWE-416 Use After Free
11% (15) CWE-20 Improper Input Validation
5% (7) CWE-200 Information Exposure
4% (6) CWE-787 Out-of-bounds Write
4% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (4) CWE-362 Race Condition
2% (4) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (3) CWE-287 Improper Authentication
2% (3) CWE-269 Improper Privilege Management
2% (3) CWE-190 Integer Overflow or Wraparound
1% (2) CWE-476 NULL Pointer Dereference
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
0% (1) CWE-770 Allocation of Resources Without Limits or Throttling
0% (1) CWE-668 Exposure of Resource to Wrong Sphere
0% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
0% (1) CWE-532 Information Leak Through Log Files
0% (1) CWE-522 Insufficiently Protected Credentials
0% (1) CWE-521 Weak Password Requirements
0% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
0% (1) CWE-369 Divide By Zero
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Snort® IPS/IDS

Date Description
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53506 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53505 - Type : SERVER-WEBAPP - Revision : 3