This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-23
Product Fedora Last view 2021-05-26
Version 32 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2021-05-26 CVE-2021-20178

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

5.5 2021-05-26 CVE-2020-25673

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.

7.8 2021-05-26 CVE-2020-25671

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.

7.8 2021-05-26 CVE-2020-25670

A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.

7.5 2021-05-25 CVE-2020-25672

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect

5.7 2021-05-20 CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

5.5 2021-05-19 CVE-2021-3421

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

5.3 2021-05-18 CVE-2021-3531

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

6.5 2021-05-17 CVE-2021-3524

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.

7.5 2021-05-13 CVE-2021-32920

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.

7.5 2021-05-13 CVE-2021-32919

An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).

5.3 2021-05-13 CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.

5.5 2021-05-13 CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

7.8 2021-05-13 CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

6.5 2021-05-13 CVE-2020-25713

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

7.5 2021-05-12 CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

7.5 2021-05-12 CVE-2020-27840

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

7.8 2021-05-11 CVE-2021-32606

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

7.8 2021-05-11 CVE-2021-31204

.NET and Visual Studio Elevation of Privilege Vulnerability

5.5 2021-05-06 CVE-2021-31829

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

9.8 2021-05-05 CVE-2021-31800

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

6.8 2021-05-05 CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

8.8 2021-04-30 CVE-2021-21232

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2021-04-30 CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2021-04-30 CVE-2021-21230

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
13% (63) CWE-787 Out-of-bounds Write
13% (63) CWE-416 Use After Free
6% (33) CWE-125 Out-of-bounds Read
4% (19) CWE-476 NULL Pointer Dereference
3% (18) CWE-20 Improper Input Validation
3% (16) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (15) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (14) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (14) CWE-200 Information Exposure
2% (13) CWE-190 Integer Overflow or Wraparound
2% (12) CWE-617 Reachable Assertion
2% (10) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
2% (10) CWE-362 Race Condition
1% (9) CWE-122 Heap-based Buffer Overflow
1% (8) CWE-770 Allocation of Resources Without Limits or Throttling
1% (8) CWE-295 Certificate Issues
1% (8) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (7) CWE-276 Incorrect Default Permissions
1% (7) CWE-269 Improper Privilege Management
1% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
1% (6) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (6) CWE-287 Improper Authentication
1% (6) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (5) CWE-346 Origin Validation Error
1% (5) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

Snort® IPS/IDS

Date Description
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56995 - Type : FILE-OTHER - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56994 - Type : FILE-OTHER - Revision : 1
2021-02-02 Grafana Labs Grafana denial of service attempt
RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56724 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56723 - Type : FILE-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56382 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56381 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56380 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1195 attack attempt
RuleID : 56379 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6a378e32c3.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1444.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1417.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3050.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1120.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1389.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3253.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1560.nasl - Type: ACT_GATHER_INFO
2018-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46f48df07d.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15819d2c37.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-769793738f.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-844.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1916-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1901-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0946-1.nasl - Type: ACT_GATHER_INFO
2017-01-11 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-70.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0084-1.nasl - Type: ACT_GATHER_INFO