This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-23
Product Fedora Last view 2021-06-08
Version 33 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2021-06-08 CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

5.5 2021-06-08 CVE-2021-26260

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

5.5 2021-06-08 CVE-2021-23215

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

8.8 2021-06-08 CVE-2021-23169

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

5.3 2021-06-07 CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.

8.8 2021-06-02 CVE-2021-32625

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer (on 32-bit systems ONLY) can be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix for CVE-2021-29477 which only addresses the problem on 64-bit systems but fails to do that for 32-bit. 64-bit systems are not affected. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.

5.5 2021-06-02 CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

7.5 2021-06-02 CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.

7.5 2021-06-02 CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

5.5 2021-06-02 CVE-2021-28675

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

9.1 2021-06-02 CVE-2021-25288

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

9.1 2021-06-02 CVE-2021-25287

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

6.7 2021-05-28 CVE-2021-20292

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

8.8 2021-05-28 CVE-2021-20240

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

3.3 2021-05-28 CVE-2021-20239

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.

9.8 2021-05-28 CVE-2021-20236

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

6 2021-05-28 CVE-2020-35504

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

7.5 2021-05-28 CVE-2020-25710

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

7.8 2021-05-27 CVE-2021-33200

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.

5.5 2021-05-27 CVE-2021-30501

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

7.8 2021-05-27 CVE-2021-30500

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.

8.5 2021-05-27 CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

5.5 2021-05-26 CVE-2021-30471

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

5.5 2021-05-26 CVE-2021-30470

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

5.5 2021-05-26 CVE-2021-30469

A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
15% (70) CWE-416 Use After Free
9% (42) CWE-787 Out-of-bounds Write
6% (31) CWE-125 Out-of-bounds Read
4% (23) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (19) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (18) CWE-476 NULL Pointer Dereference
3% (18) CWE-20 Improper Input Validation
3% (17) CWE-190 Integer Overflow or Wraparound
2% (13) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
2% (13) CWE-200 Information Exposure
2% (13) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (12) CWE-617 Reachable Assertion
2% (10) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (10) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (8) CWE-770 Allocation of Resources Without Limits or Throttling
1% (8) CWE-362 Race Condition
1% (8) CWE-122 Heap-based Buffer Overflow
1% (7) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (7) CWE-295 Certificate Issues
1% (7) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (6) CWE-269 Improper Privilege Management
0% (4) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (4) CWE-674 Uncontrolled Recursion
0% (4) CWE-358 Improperly Implemented Security Check for Standard
0% (4) CWE-287 Improper Authentication

Snort® IPS/IDS

Date Description
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56995 - Type : FILE-OTHER - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56994 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56724 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56723 - Type : FILE-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56510 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56509 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56508 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56507 - Type : SERVER-WEBAPP - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56308 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56307 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56298 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56297 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56275 - Type : SERVER-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56211 - Type : SERVER-WEBAPP - Revision : 2
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f73869d61e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a2e9bd6eae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6a378e32c3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-18f3eff32b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0f5e6e9957.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1417.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4351.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1389.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-daee493feb.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46b92c9064.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1591.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b036fabaedd811e8b3b700e04c1ea73d.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3253.nasl - Type: ACT_GATHER_INFO
2018-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46f48df07d.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15819d2c37.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-769793738f.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-844.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1916-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1901-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0946-1.nasl - Type: ACT_GATHER_INFO
2017-01-11 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-70.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0084-1.nasl - Type: ACT_GATHER_INFO
2015-10-28 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2a4a112a7c1b11e5bd770800275369e2.nasl - Type: ACT_GATHER_INFO