This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-09
Product Fedora Last view 2020-09-04
Version 31 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2020-09-04 CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).

6.5 2020-09-02 CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.

5 2020-08-31 CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

3.3 2020-08-03 CVE-2020-16116

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

3.5 2020-07-27 CVE-2020-15103

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

5.9 2020-07-17 CVE-2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

10 2020-07-14 CVE-2020-13753

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

7.5 2020-07-07 CVE-2020-10745

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.

6.5 2020-07-07 CVE-2020-10730

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

7.5 2020-07-06 CVE-2020-14303

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

6.5 2020-07-06 CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

7.5 2020-07-02 CVE-2020-15503

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

8.8 2020-06-30 CVE-2020-15049

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

9.8 2020-06-30 CVE-2017-18922

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

8.1 2020-06-25 CVE-2020-11538

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

6.5 2020-06-22 CVE-2020-4033

In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.

4.3 2020-06-22 CVE-2020-4032

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.

7.5 2020-06-22 CVE-2020-4031

In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.

6.5 2020-06-22 CVE-2020-4030

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

5.9 2020-06-18 CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.

7.5 2020-06-17 CVE-2019-20839

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

7.5 2020-06-17 CVE-2018-21247

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.

5.5 2020-06-15 CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

3.1 2020-06-12 CVE-2020-4050

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

7.1 2020-06-09 CVE-2020-9843

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
16% (30) CWE-125 Out-of-bounds Read
10% (19) CWE-416 Use After Free
10% (18) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
7% (14) CWE-20 Improper Input Validation
5% (10) CWE-787 Out-of-bounds Write
4% (8) CWE-200 Information Exposure
3% (7) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (5) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (4) CWE-476 NULL Pointer Dereference
2% (4) CWE-190 Integer Overflow or Wraparound
2% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (3) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (3) CWE-362 Race Condition
1% (3) CWE-287 Improper Authentication
1% (3) CWE-269 Improper Privilege Management
1% (2) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
1% (2) CWE-346 Origin Validation Error
1% (2) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (2) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (1) CWE-770 Allocation of Resources Without Limits or Throttling
0% (1) CWE-755 Improper Handling of Exceptional Conditions
0% (1) CWE-682 Incorrect Calculation

Snort® IPS/IDS

Date Description
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53506 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53505 - Type : SERVER-WEBAPP - Revision : 3

Nessus® Vulnerability Scanner

id Description
2018-01-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4088.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3418-1.nasl - Type: ACT_GATHER_INFO
2017-09-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201709-08.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1024.nasl - Type: ACT_GATHER_INFO
2017-09-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2381-1.nasl - Type: ACT_GATHER_INFO