This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fedoraproject First view 2017-03-23
Product Fedora Last view 2022-04-18
Version 33 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2022-04-18 CVE-2021-42782

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

5.3 2022-04-18 CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

5.3 2022-04-18 CVE-2021-42780

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

5.3 2022-04-18 CVE-2021-42779

A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

5.3 2022-04-18 CVE-2021-42778

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

7.4 2022-03-23 CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

6.5 2022-03-16 CVE-2021-20257

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

6.5 2022-03-10 CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

5.5 2022-03-04 CVE-2021-3744

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

7.5 2022-03-04 CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

8.8 2022-03-04 CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

8.8 2022-02-18 CVE-2020-25722

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

7.2 2022-02-18 CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

8.1 2022-02-18 CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

5.9 2022-02-18 CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

7.8 2022-02-16 CVE-2021-3578

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

7.8 2022-02-16 CVE-2021-3551

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

4.3 2021-12-23 CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

5.6 2021-11-23 CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

9.8 2021-11-19 CVE-2021-44026

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

6.1 2021-11-19 CVE-2021-44025

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.

7.2 2021-11-15 CVE-2021-42386

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function

7.2 2021-11-15 CVE-2021-42385

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

7.2 2021-11-15 CVE-2021-42384

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function

7.2 2021-11-15 CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
16% (151) CWE-416 Use After Free
14% (129) CWE-787 Out-of-bounds Write
5% (52) CWE-125 Out-of-bounds Read
3% (34) CWE-476 NULL Pointer Dereference
3% (34) CWE-190 Integer Overflow or Wraparound
3% (33) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (32) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (29) CWE-502 Deserialization of Untrusted Data
3% (29) CWE-20 Improper Input Validation
2% (23) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (19) CWE-770 Allocation of Resources Without Limits or Throttling
1% (18) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
1% (16) CWE-434 Unrestricted Upload of File with Dangerous Type
1% (14) CWE-617 Reachable Assertion
1% (13) CWE-269 Improper Privilege Management
1% (12) CWE-362 Race Condition
1% (12) CWE-122 Heap-based Buffer Overflow
1% (12) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (11) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (11) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (11) CWE-295 Certificate Issues
1% (11) CWE-287 Improper Authentication
1% (10) CWE-203 Information Exposure Through Discrepancy
0% (9) CWE-415 Double Free
0% (9) CWE-200 Information Exposure

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-02-18 TRUFFLEHUNTER TALOS-2021-1238 attack attempt
RuleID : 57135 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1238 attack attempt
RuleID : 57134 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1229 attack attempt
RuleID : 57046 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1229 attack attempt
RuleID : 57045 - Type : BROWSER-WEBKIT - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56995 - Type : FILE-OTHER - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56994 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56724 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56723 - Type : FILE-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56510 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56509 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56508 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56507 - Type : SERVER-WEBAPP - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56308 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56307 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56298 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56297 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56275 - Type : SERVER-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56211 - Type : SERVER-WEBAPP - Revision : 2
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56052 - Type : OS-LINUX - Revision : 1
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56051 - Type : OS-LINUX - Revision : 1

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f73869d61e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a2e9bd6eae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6a378e32c3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-18f3eff32b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0f5e6e9957.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1417.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4351.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1389.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-daee493feb.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46b92c9064.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1591.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b036fabaedd811e8b3b700e04c1ea73d.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3253.nasl - Type: ACT_GATHER_INFO
2018-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46f48df07d.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15819d2c37.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-769793738f.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-844.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1916-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1901-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0946-1.nasl - Type: ACT_GATHER_INFO
2017-01-11 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-70.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0084-1.nasl - Type: ACT_GATHER_INFO
2015-10-28 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2a4a112a7c1b11e5bd770800275369e2.nasl - Type: ACT_GATHER_INFO