This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-09
Product Fedora Last view 2020-12-08
Version 31 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
3.3 2020-12-08 CVE-2020-27818

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

8.8 2020-11-03 CVE-2020-16002

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

5.5 2020-11-03 CVE-2020-15989

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

8.8 2020-11-03 CVE-2020-15987

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

6.5 2020-11-03 CVE-2020-15986

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5 2020-11-03 CVE-2020-15985

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

7.8 2020-11-03 CVE-2020-15983

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

6.5 2020-11-03 CVE-2020-15982

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5 2020-11-03 CVE-2020-15981

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5 2020-11-03 CVE-2020-15973

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

8.8 2020-11-03 CVE-2020-15972

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-15971

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8 2020-11-03 CVE-2020-15970

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8 2020-11-03 CVE-2020-15969

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-15968

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-15967

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

4.7 2020-10-22 CVE-2020-27675

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.

9.8 2020-10-10 CVE-2020-26935

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

6.1 2020-10-10 CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

5.3 2020-10-02 CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

6.5 2020-10-02 CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

8.6 2020-09-30 CVE-2020-26159

In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .

6 2020-09-09 CVE-2020-25211

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

6.5 2020-09-04 CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

6.5 2020-09-02 CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
15% (34) CWE-125 Out-of-bounds Read
12% (27) CWE-416 Use After Free
8% (18) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
5% (13) CWE-20 Improper Input Validation
5% (12) CWE-787 Out-of-bounds Write
4% (10) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
4% (9) CWE-200 Information Exposure
3% (8) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (5) CWE-476 NULL Pointer Dereference
2% (5) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (5) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
2% (5) CWE-190 Integer Overflow or Wraparound
1% (4) CWE-362 Race Condition
1% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (3) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (3) CWE-287 Improper Authentication
1% (3) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
0% (2) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
0% (2) CWE-770 Allocation of Resources Without Limits or Throttling
0% (2) CWE-755 Improper Handling of Exceptional Conditions
0% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (2) CWE-346 Origin Validation Error
0% (2) CWE-319 Cleartext Transmission of Sensitive Information

Snort® IPS/IDS

Date Description
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53506 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53505 - Type : SERVER-WEBAPP - Revision : 3
2020-03-19 RabbitMQ X-Reason HTTP header denial-of-service attempt
RuleID : 53109 - Type : SERVER-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52571 - Type : FILE-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52570 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1444.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3050.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1120.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1560.nasl - Type: ACT_GATHER_INFO
2018-01-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4088.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3418-1.nasl - Type: ACT_GATHER_INFO
2017-09-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201709-08.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1024.nasl - Type: ACT_GATHER_INFO
2017-09-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2381-1.nasl - Type: ACT_GATHER_INFO