This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-23
Product Fedora Last view 2021-04-07
Version 32 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2021-04-07 CVE-2021-30178

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.

7.5 2021-04-06 CVE-2021-29424

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

6.5 2021-04-02 CVE-2021-1801

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

6.5 2021-04-02 CVE-2021-1799

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

8.8 2021-04-02 CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

6.5 2021-04-02 CVE-2021-1765

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

3.3 2021-04-02 CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.

5.5 2021-03-30 CVE-2021-29650

An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.

5.5 2021-03-30 CVE-2021-29649

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.

5.5 2021-03-30 CVE-2021-29648

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245.

5.5 2021-03-30 CVE-2021-29647

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.

5.5 2021-03-30 CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.

6.7 2021-03-22 CVE-2021-28972

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.

5.5 2021-03-22 CVE-2021-28971

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.

4.7 2021-03-22 CVE-2021-28964

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.

7.8 2021-03-20 CVE-2021-28952

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)

5.5 2021-03-20 CVE-2021-28951

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.

6 2021-03-20 CVE-2020-27171

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.

4.7 2021-03-20 CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.

9.8 2021-03-19 CVE-2021-28834

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

5.5 2021-03-19 CVE-2021-27906

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5 2021-03-19 CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

7.8 2021-03-15 CVE-2021-28375

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.

4.3 2021-03-15 CVE-2021-20283

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

5.3 2021-03-15 CVE-2021-20282

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
12% (47) CWE-416 Use After Free
11% (41) CWE-787 Out-of-bounds Write
5% (21) CWE-125 Out-of-bounds Read
4% (18) CWE-200 Information Exposure
4% (16) CWE-476 NULL Pointer Dereference
4% (15) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (15) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (13) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (13) CWE-20 Improper Input Validation
2% (11) CWE-617 Reachable Assertion
2% (8) CWE-362 Race Condition
2% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (8) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (7) CWE-276 Incorrect Default Permissions
1% (7) CWE-122 Heap-based Buffer Overflow
1% (7) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (6) CWE-770 Allocation of Resources Without Limits or Throttling
1% (6) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (6) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (6) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (6) CWE-295 Certificate Issues
1% (6) CWE-269 Improper Privilege Management
1% (5) CWE-287 Improper Authentication
1% (5) CWE-190 Integer Overflow or Wraparound
1% (5) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Snort® IPS/IDS

Date Description
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56995 - Type : FILE-OTHER - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56994 - Type : FILE-OTHER - Revision : 1
2021-02-02 Grafana Labs Grafana denial of service attempt
RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56724 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56723 - Type : FILE-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56382 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56381 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56380 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56379 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6a378e32c3.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1444.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1417.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3050.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1120.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1389.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3253.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1560.nasl - Type: ACT_GATHER_INFO
2018-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46f48df07d.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15819d2c37.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-769793738f.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-844.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1916-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1901-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0946-1.nasl - Type: ACT_GATHER_INFO
2017-01-11 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-70.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0084-1.nasl - Type: ACT_GATHER_INFO