This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Fedoraproject; First view: 2018-11-16
Product: Fedora; Last view: 2021-09-06
Version: 34; Type: Os
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:fedoraproject:fedora

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.8 2021-09-06 CVE-2021-3770

vim is vulnerable to Heap-based Buffer Overflow

7 2021-09-03 CVE-2021-40490

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

8.8 2021-09-03 CVE-2021-30624

Chromium: CVE-2021-30624 Use after free in Autofill

8.8 2021-09-03 CVE-2021-30623

Chromium: CVE-2021-30623 Use after free in Bookmarks

8.8 2021-09-03 CVE-2021-30622

Chromium: CVE-2021-30622 Use after free in WebApp Installs

6.5 2021-09-03 CVE-2021-30621

Chromium: CVE-2021-30621 UI Spoofing in Autofill

8.8 2021-09-03 CVE-2021-30620

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

6.5 2021-09-03 CVE-2021-30619

Chromium: CVE-2021-30619 UI Spoofing in Autofill

8.8 2021-09-03 CVE-2021-30618

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

6.5 2021-09-03 CVE-2021-30617

Chromium: CVE-2021-30617 Policy bypass in Blink

8.8 2021-09-03 CVE-2021-30616

Chromium: CVE-2021-30616 Use after free in Media

6.5 2021-09-03 CVE-2021-30615

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

8.8 2021-09-03 CVE-2021-30614

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

8.8 2021-09-03 CVE-2021-30613

Chromium: CVE-2021-30613 Use after free in Base internals

8.8 2021-09-03 CVE-2021-30610

Chromium: CVE-2021-30610 Use after free in Extensions API

8.8 2021-09-03 CVE-2021-30609

Chromium: CVE-2021-30609 Use after free in Sign-In

8.8 2021-09-03 CVE-2021-30608

Chromium: CVE-2021-30608 Use after free in Web Share

8.8 2021-09-03 CVE-2021-30607

Chromium: CVE-2021-30607 Use after free in Permissions

8.8 2021-09-03 CVE-2021-30606

Chromium: CVE-2021-30606 Use after free in Blink

3.1 2021-08-31 CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.

3.1 2021-08-31 CVE-2021-39163

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities). By default, only homeserver administrators can create groups. However, homeserver administrators can already access this information in the database or using the admin API. As a result, only homeservers where the configuration setting `enable_group_creation` has been set to `true` are impacted. Server administrators should upgrade to 1.41.1 or higher to patch the vulnerability. There are two potential workarounds. Server administrators can set `enable_group_creation` to `false` in their homeserver configuration (this is the default value) to prevent creation of groups by non-administrators. Administrators that are using a reverse proxy could, with partial loss of group functionality, block the endpoints `/_matrix/client/r0/groups/{group_id}/rooms` and `/_matrix/client/unstable/groups/{group_id}/rooms`.

5.3 2021-08-30 CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

8.1 2021-08-27 CVE-2021-40153

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

4.9 2021-08-27 CVE-2021-28700

xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allows a domain to allocate memory beyond what an administrator originally configured.

5.5 2021-08-27 CVE-2021-28699

Inadequate grant-v2 status frames array bounds check. The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% (count) ID Name
18% (51) CWE-416 Use After Free
7% (20) CWE-787 Out-of-bounds Write
6% (17) CWE-125 Out-of-bounds Read
5% (14) CWE-476 NULL Pointer Dereference
4% (11) CWE-20 Improper Input Validation
3% (10) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (9) CWE-200 Information Exposure
3% (9) CWE-190 Integer Overflow or Wraparound
3% (9) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (8) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (5) CWE-415 Double Free
1% (5) CWE-362 Race Condition
1% (5) CWE-295 Certificate Issues
1% (5) CWE-290 Authentication Bypass by Spoofing
1% (5) CWE-287 Improper Authentication
1% (5) CWE-203 Information Exposure Through Discrepancy
1% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (5) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (4) CWE-617 Reachable Assertion
1% (3) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (3) CWE-668 Exposure of Resource to Wrong Sphere
1% (3) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (3) CWE-347 Improper Verification of Cryptographic Signature
1% (3) CWE-269 Improper Privilege Management

Snort® IPS/IDS

Date Description
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56995 - Type : FILE-OTHER - Revision : 1
2021-01-28 TRUFFLEHUNTER TALOS-2021-1226 attack attempt
RuleID : 56994 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56724 - Type : FILE-OTHER - Revision : 1
2020-12-23 TRUFFLEHUNTER TALOS-2020-1215 attack attempt
RuleID : 56723 - Type : FILE-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56510 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1187 attack attempt
RuleID : 56509 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56508 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1186 attack attempt
RuleID : 56507 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56308 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1188 attack attempt
RuleID : 56307 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56298 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1189 attack attempt
RuleID : 56297 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56275 - Type : SERVER-OTHER - Revision : 1
2020-12-08 TRUFFLEHUNTER TALOS-2020-1185 attack attempt
RuleID : 56211 - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0f5e6e9957.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-18f3eff32b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a2e9bd6eae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f73869d61e.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4351.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46b92c9064.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-daee493feb.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1591.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b036fabaedd811e8b3b700e04c1ea73d.nasl - Type: ACT_GATHER_INFO