This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-23
Product Fedora Last view 2021-12-23
Version 33 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.3 2021-12-23 CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

5.6 2021-11-23 CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

9.8 2021-11-19 CVE-2021-44026

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

6.1 2021-11-19 CVE-2021-44025

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.

7.2 2021-11-15 CVE-2021-42386

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function

7.2 2021-11-15 CVE-2021-42385

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

7.2 2021-11-15 CVE-2021-42384

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function

7.2 2021-11-15 CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

7.2 2021-11-15 CVE-2021-42382

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function

7.2 2021-11-15 CVE-2021-42381

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function

7.2 2021-11-15 CVE-2021-42380

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function

7.2 2021-11-15 CVE-2021-42379

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

7.2 2021-11-15 CVE-2021-42378

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function

9.8 2021-11-15 CVE-2021-42377

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

5.5 2021-11-15 CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

5.5 2021-11-15 CVE-2021-42375

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

5.3 2021-11-15 CVE-2021-42374

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that

5.5 2021-11-15 CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

7.8 2021-11-05 CVE-2021-3928

vim is vulnerable to Use of Uninitialized Variable

7.8 2021-11-05 CVE-2021-3927

vim is vulnerable to Heap-based Buffer Overflow

6.5 2021-11-03 CVE-2021-27836

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.

4.7 2021-11-03 CVE-2020-27820

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

8.8 2021-11-02 CVE-2021-37979

heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.

8.8 2021-11-02 CVE-2021-37978

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2021-11-02 CVE-2021-37977

Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
17% (149) CWE-416 Use After Free
13% (113) CWE-787 Out-of-bounds Write
5% (49) CWE-125 Out-of-bounds Read
3% (32) CWE-476 NULL Pointer Dereference
3% (31) CWE-190 Integer Overflow or Wraparound
3% (28) CWE-502 Deserialization of Untrusted Data
3% (28) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (28) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (27) CWE-20 Improper Input Validation
2% (22) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (18) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
1% (16) CWE-770 Allocation of Resources Without Limits or Throttling
1% (16) CWE-434 Unrestricted Upload of File with Dangerous Type
1% (13) CWE-617 Reachable Assertion
1% (13) CWE-122 Heap-based Buffer Overflow
1% (12) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (11) CWE-362 Race Condition
1% (11) CWE-269 Improper Privilege Management
1% (10) CWE-295 Certificate Issues
1% (10) CWE-200 Information Exposure
1% (9) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (9) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (9) CWE-203 Information Exposure Through Discrepancy
0% (8) CWE-668 Exposure of Resource to Wrong Sphere
0% (8) CWE-287 Improper Authentication

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-02-18 TRUFFLEHUNTER TALOS-2021-1238 attack attempt
RuleID : 57135 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1238 attack attempt
RuleID : 57134 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1229 attack attempt
RuleID : 57046 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1229 attack attempt
RuleID : 57045 - Type : BROWSER-WEBKIT - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56995 - Type : FILE-OTHER - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56994 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56724 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56723 - Type : FILE-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56510 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56509 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56508 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56507 - Type : SERVER-WEBAPP - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56308 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56307 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56298 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56297 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56275 - Type : SERVER-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56211 - Type : SERVER-WEBAPP - Revision : 2
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56052 - Type : OS-LINUX - Revision : 1
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56051 - Type : OS-LINUX - Revision : 1

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f73869d61e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a2e9bd6eae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6a378e32c3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-18f3eff32b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0f5e6e9957.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1417.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4351.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1389.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-daee493feb.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46b92c9064.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1591.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b036fabaedd811e8b3b700e04c1ea73d.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3253.nasl - Type: ACT_GATHER_INFO
2018-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46f48df07d.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15819d2c37.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-769793738f.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-844.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1916-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1901-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0946-1.nasl - Type: ACT_GATHER_INFO
2017-01-11 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-70.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0084-1.nasl - Type: ACT_GATHER_INFO
2015-10-28 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2a4a112a7c1b11e5bd770800275369e2.nasl - Type: ACT_GATHER_INFO