Summary
Detail | |||
---|---|---|---|
Vendor | Fedoraproject | First view | 2017-03-09 |
Product | Fedora | Last view | 2020-12-08 |
Version | 31 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:fedoraproject:fedora |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
3.3 | 2020-12-08 | CVE-2020-27818 | A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. |
8.8 | 2020-11-03 | CVE-2020-16002 | Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
5.5 | 2020-11-03 | CVE-2020-15989 | Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
8.8 | 2020-11-03 | CVE-2020-15987 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. |
6.5 | 2020-11-03 | CVE-2020-15986 | Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
6.5 | 2020-11-03 | CVE-2020-15985 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. |
7.8 | 2020-11-03 | CVE-2020-15983 | Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. |
6.5 | 2020-11-03 | CVE-2020-15982 | Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
6.5 | 2020-11-03 | CVE-2020-15981 | Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
6.5 | 2020-11-03 | CVE-2020-15973 | Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. |
8.8 | 2020-11-03 | CVE-2020-15972 | Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-15971 | Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-15970 | Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-15969 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-15968 | Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-15967 | Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
4.7 | 2020-10-22 | CVE-2020-27675 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. |
9.8 | 2020-10-10 | CVE-2020-26935 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. |
6.1 | 2020-10-10 | CVE-2020-26934 | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. |
5.3 | 2020-10-02 | CVE-2020-7070 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. |
6.5 | 2020-10-02 | CVE-2020-7069 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. |
8.6 | 2020-09-30 | CVE-2020-26159 | In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c . |
6 | 2020-09-09 | CVE-2020-25211 | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. |
6.5 | 2020-09-04 | CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. |
6.5 | 2020-09-02 | CVE-2020-15811 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
15% (34) | CWE-125 | Out-of-bounds Read |
12% (27) | CWE-416 | Use After Free |
8% (18) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
5% (13) | CWE-20 | Improper Input Validation |
5% (12) | CWE-787 | Out-of-bounds Write |
4% (10) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
4% (9) | CWE-200 | Information Exposure |
3% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
2% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
2% (5) | CWE-476 | NULL Pointer Dereference |
2% (5) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
2% (5) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
2% (5) | CWE-190 | Integer Overflow or Wraparound |
1% (4) | CWE-362 | Race Condition |
1% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
1% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (3) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli... |
1% (3) | CWE-287 | Improper Authentication |
1% (3) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
0% (2) | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
0% (2) | CWE-770 | Allocation of Resources Without Limits or Throttling |
0% (2) | CWE-755 | Improper Handling of Exceptional Conditions |
0% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
0% (2) | CWE-346 | Origin Validation Error |
0% (2) | CWE-319 | Cleartext Transmission of Sensitive Information |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-08 | PyYAML Python object serialization attempt RuleID : 56224 - Type : POLICY-OTHER - Revision : 1 |
2020-12-08 | PyYAML Python object serialization attempt RuleID : 56223 - Type : POLICY-OTHER - Revision : 1 |
2020-07-07 | Apache Tomcat FileStore directory traversal attempt RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1 |
2020-04-25 | Horde Groupware Webmail data import PHP code injection attempt RuleID : 53506 - Type : SERVER-WEBAPP - Revision : 1 |
2020-04-25 | Horde Groupware Webmail data import PHP code injection attempt RuleID : 53505 - Type : SERVER-WEBAPP - Revision : 3 |
2020-03-19 | RabbitMQ X-Reason HTTP header denial-of-service attempt RuleID : 53109 - Type : SERVER-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2019-0973 attack attempt RuleID : 52571 - Type : FILE-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2019-0973 attack attempt RuleID : 52570 - Type : FILE-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO |
2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1444.nasl - Type: ACT_GATHER_INFO |
2018-12-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3050.nasl - Type: ACT_GATHER_INFO |
2018-12-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1120.nasl - Type: ACT_GATHER_INFO |
2018-10-31 | Name: The remote Debian host is missing a security update. File: debian_DLA-1560.nasl - Type: ACT_GATHER_INFO |
2018-01-16 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4088.nasl - Type: ACT_GATHER_INFO |
2017-09-19 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3418-1.nasl - Type: ACT_GATHER_INFO |
2017-09-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201709-08.nasl - Type: ACT_GATHER_INFO |
2017-09-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1024.nasl - Type: ACT_GATHER_INFO |
2017-09-07 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2381-1.nasl - Type: ACT_GATHER_INFO |