Summary
| Detail | |||
|---|---|---|---|
| Vendor | Fedoraproject | First view | 2017-03-09 |
| Product | Fedora | Last view | 2020-12-08 |
| Version | 31 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:fedoraproject:fedora | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.3 | 2020-12-08 | CVE-2020-27818 | A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. |
| 6.5 | 2020-11-03 | CVE-2020-6557 | Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16003 | Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16002 | Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| 8.8 | 2020-11-03 | CVE-2020-16001 | Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16000 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15992 | Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15991 | Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15990 | Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 5.5 | 2020-11-03 | CVE-2020-15989 | Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
| 8.8 | 2020-11-03 | CVE-2020-15987 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. |
| 6.5 | 2020-11-03 | CVE-2020-15986 | Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15985 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| 7.8 | 2020-11-03 | CVE-2020-15983 | Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15982 | Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15981 | Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15979 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15975 | Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15974 | Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15973 | Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. |
| 8.8 | 2020-11-03 | CVE-2020-15972 | Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15971 | Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15970 | Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15969 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 15% (53) | CWE-787 | Out-of-bounds Write |
| 11% (42) | CWE-125 | Out-of-bounds Read |
| 11% (39) | CWE-416 | Use After Free |
| 6% (22) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 3% (13) | CWE-190 | Integer Overflow or Wraparound |
| 3% (12) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 3% (11) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 3% (11) | CWE-20 | Improper Input Validation |
| 2% (9) | CWE-276 | Incorrect Default Permissions |
| 2% (8) | CWE-476 | NULL Pointer Dereference |
| 2% (8) | CWE-200 | Information Exposure |
| 1% (6) | CWE-502 | Deserialization of Untrusted Data |
| 1% (6) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli... |
| 1% (6) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (6) | CWE-362 | Race Condition |
| 1% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 1% (4) | CWE-674 | Uncontrolled Recursion |
| 1% (4) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 1% (4) | CWE-295 | Certificate Issues |
| 1% (4) | CWE-203 | Information Exposure Through Discrepancy |
| 1% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 1% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (3) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 0% (3) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (3) | CWE-330 | Use of Insufficiently Random Values |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2021-02-02 | Grafana Labs Grafana denial of service attempt RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3 |
| 2020-12-08 | PyYAML Python object serialization attempt RuleID : 56224 - Type : POLICY-OTHER - Revision : 1 |
| 2020-12-08 | PyYAML Python object serialization attempt RuleID : 56223 - Type : POLICY-OTHER - Revision : 1 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-07-07 | Apache Tomcat FileStore directory traversal attempt RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-04-25 | Horde Groupware Webmail data import PHP code injection attempt RuleID : 53506 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-04-25 | Horde Groupware Webmail data import PHP code injection attempt RuleID : 53505 - Type : SERVER-WEBAPP - Revision : 3 |
| 2020-03-19 | RabbitMQ X-Reason HTTP header denial-of-service attempt RuleID : 53109 - Type : SERVER-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2019-0973 attack attempt RuleID : 52571 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2019-0973 attack attempt RuleID : 52570 - Type : FILE-OTHER - Revision : 1 |
| 2019-11-26 | Eclipse Mosquitto MQTT SUBSCRIBE request topic parsing buffer overflow attempt RuleID : 52006 - Type : SERVER-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1444.nasl - Type: ACT_GATHER_INFO |
| 2018-12-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3050.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1120.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote Debian host is missing a security update. File: debian_DLA-1560.nasl - Type: ACT_GATHER_INFO |
| 2018-01-16 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4088.nasl - Type: ACT_GATHER_INFO |
| 2017-09-19 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3418-1.nasl - Type: ACT_GATHER_INFO |
| 2017-09-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201709-08.nasl - Type: ACT_GATHER_INFO |
| 2017-09-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1024.nasl - Type: ACT_GATHER_INFO |
| 2017-09-07 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2381-1.nasl - Type: ACT_GATHER_INFO |
