This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Fedoraproject
Product: Fedora
Version:
Type: OS
First view: 2008-05-02
Last view: 2020-10-10
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:


Common Platform Enumeration: Distribution per Version

CPE Name Affected CVE
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* 270
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* 202
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* 190
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* 184
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* 174
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* 157
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* 155
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:* 104
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* 102
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:* 91
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* 86
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:* 66
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:* 59
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:* 47
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* 37
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* 30
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* 23
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* 18
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* 16
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* 16
cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:* 14
cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:* 12
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* 9
cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:* 9
cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* 9
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* 8
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* 2
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* 2

Related : CVE

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
CVSS Date Alert Description
6.1 2020-10-10 CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

7.5 2020-10-06 CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

5.3 2020-10-02 CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

6.5 2020-10-02 CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

8.6 2020-09-30 CVE-2020-26159

In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .

9.8 2020-09-30 CVE-2020-26154

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

7.2 2020-09-27 CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

4.7 2020-09-23 CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.

5.5 2020-09-23 CVE-2020-25601

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.

5.5 2020-09-23 CVE-2020-25600

An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.

5.5 2020-09-23 CVE-2020-25598

An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.

5.5 2020-09-23 CVE-2020-25596

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.

7.8 2020-09-23 CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.

6.3 2020-09-21 CVE-2020-6569

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6566

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6564

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6561

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6560

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

8.8 2020-09-21 CVE-2020-6559

Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5 2020-09-04 CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

7.5 2020-09-04 CVE-2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

3.3 2020-09-02 CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

6.5 2020-09-02 CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.

5 2020-08-31 CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

6 2020-08-24 CVE-2020-14367

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.

CWE : Common Weakness Enumeration

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
% id Name
11% (117) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (106) CWE-20 Improper Input Validation
6% (72) CWE-200 Information Exposure
6% (69) CWE-125 Out-of-bounds Read
6% (64) CWE-787 Out-of-bounds Write
4% (52) CWE-416 Use After Free
3% (38) CWE-476 NULL Pointer Dereference
3% (38) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (35) CWE-190 Integer Overflow or Wraparound
2% (30) CWE-264 Permissions, Privileges, and Access Controls
2% (27) CWE-189 Numeric Errors
1% (21) CWE-284 Access Control (Authorization) Issues
1% (20) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (20) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (19) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (18) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (17) CWE-269 Improper Privilege Management
1% (16) CWE-399 Resource Management Errors
1% (16) CWE-362 Race Condition
1% (16) CWE-287 Improper Authentication
1% (12) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (11) CWE-310 Cryptographic Issues
0% (9) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
0% (9) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
0% (8) CWE-415 Double Free

Oval Markup Language : Definitions

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:7816 DSA-1565 linux-2.6 -- several vulnerabilities
oval:org.mitre.oval:def:19757 DSA-1565-1 linux-2.6 - several vulnerabilities
oval:org.mitre.oval:def:11843 Race condition in the directory notification subsystem (dnotify) in Linux ker...
oval:org.mitre.oval:def:12473 HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Priv...
oval:org.mitre.oval:def:10270 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache AP...
oval:org.mitre.oval:def:9766 The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, doe...
oval:org.mitre.oval:def:8598 VMware kernel execve function vulnerability
oval:org.mitre.oval:def:11412 Service Console update for COS kernel
oval:org.mitre.oval:def:21973 ELSA-2009:1243: Oracle Linux 5.x.4 kernel security and bug fix update (Import...
oval:org.mitre.oval:def:29153 RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix up...
oval:org.mitre.oval:def:13793 USN-835-1 -- neon, neon27 vulnerabilities
oval:org.mitre.oval:def:11721 neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle ...
oval:org.mitre.oval:def:22944 ELSA-2009:1452: neon security update (Moderate)
oval:org.mitre.oval:def:29270 RHSA-2009:1452 -- neon security update (Moderate)
oval:org.mitre.oval:def:9363 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to...
oval:org.mitre.oval:def:8662 Apache mod_proxy_ftp Module Insufficient Input Validation Access Restriction ...
oval:org.mitre.oval:def:13296 USN-860-1 -- apache2 vulnerabilities
oval:org.mitre.oval:def:7557 Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
oval:org.mitre.oval:def:10395 The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in...
oval:org.mitre.oval:def:7359 Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure ...
oval:org.mitre.oval:def:10823 arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 p...
oval:org.mitre.oval:def:9921 net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local user...
oval:org.mitre.oval:def:7937 DSA-1928 linux-2.6.24 -- privilege escalation/denial of service/sensitive mem...
oval:org.mitre.oval:def:6895 Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
oval:org.mitre.oval:def:13735 DSA-1929-1 linux-2.6 -- privilege escalation/denial of service/sensitive memo...

SAINT Exploits

Description
Red Hat DHCP client NetworkManager integration script command injection

Open Source Vulnerability Database (OSVDB)

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
id Description
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74150 Drupal Comment Attachment Access Restriction Bypass
73984 libpng png_rgb_to_gray Function PNG File Handling Overflow
73983 libpng pngerror.c png_err Function NULL Argument PNG File Handling DoS
73982 libpng pngrutil.c png_handle_sCAL Function PNG File Handling Memory Corruptio...
73748 udisks mount(8) Command Arbitrary Kernel Module Loading
73686 libcurl http_negotiate.c Curl_input_negotiate Function GSSAPI Credential Dele...
73493 libpng pngerror.c png_format_buffer() Off-by-one PNG Image Handling Remote DoS
73449 Linux Kernel net/dccp/options.c dccp_parse_options Function DCCP Packet Remot...
73328 cURL GSSAPI Client Credential Remote Disclosure
73246 Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
73245 Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
72991 abcm2ps Multiple Unspecified Issues
72660 MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local ...
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70518 Asterisk main/utils.c ast_uri_encode() Function Caller ID Information Overflow
70265 Linux Kernel kernel/exit.c do_exit Function KERNEL_DS get_fs Value Handling L...
70227 Linux Kernel on 64-bit Controller Area Network net/can/bcm.c bcm_connect Func...
70105 Google Chrome CSS Token Sequence Out-of-bounds Read Remote DoS
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69673 Google Chrome XPath Handling Double-free Remote DoS

ExploitDB Exploits

id Description
32998 Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
32791 Heartbleed OpenSSL - Information Leak Exploit (1)
32764 OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ...
32745 OpenSSL TLS Heartbeat Extension - Memory Disclosure
27778 Samba nttrans Reply - Integer Overflow Vulnerability
22406 Konqueror 4.7.3 Memory Corruption
15704 Linux Kernel <= 2.6.37 - Local Privilege Escalation
15344 Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
14814 Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit
14422 libpng <= 1.4.2 Denial of Service Vulnerability
10579 TLS Renegotiation Vulnerability PoC Exploit

OpenVAS Exploits

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl
2013-09-18 Name : Debian Security Advisory DSA 2439-1 (libpng - buffer overflow)
File : nvt/deb_2439_1.nasl
2012-12-24 Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Mac OS X)
File : nvt/gb_libreoffice_graphic_object_bof_vuln_macosx.nasl
2012-12-24 Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows)
File : nvt/gb_libreoffice_graphic_object_bof_vuln_win.nasl
2012-12-24 Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows)
File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl
2012-12-18 Name : Fedora Update for kernel FEDORA-2012-20240
File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0466-1 (update)
File : nvt/gb_suse_2012_0466_1.nasl
2012-12-10 Name : Fedora Update for gnome-system-log FEDORA-2012-18659
File : nvt/gb_fedora_2012_18659_gnome-system-log_fc17.nasl
2012-11-29 Name : Fedora Update for kernel FEDORA-2012-18691
File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl
2012-11-09 Name : CentOS Update for kernel CESA-2012:1426 centos6
File : nvt/gb_CESA-2012_1426_kernel_centos6.nasl
2012-11-09 Name : RedHat Update for kernel RHSA-2012:1426-01
File : nvt/gb_RHSA-2012_1426-01_kernel.nasl
2012-11-06 Name : Fedora Update for xlockmore FEDORA-2012-16485
File : nvt/gb_fedora_2012_16485_xlockmore_fc17.nasl
2012-11-06 Name : Fedora Update for xlockmore FEDORA-2012-16490
File : nvt/gb_fedora_2012_16490_xlockmore_fc16.nasl
2012-11-06 Name : Fedora Update for kernel FEDORA-2012-17479
File : nvt/gb_fedora_2012_17479_kernel_fc16.nasl
2012-11-02 Name : Fedora Update for dokuwiki FEDORA-2012-16605
File : nvt/gb_fedora_2012_16605_dokuwiki_fc16.nasl
2012-11-02 Name : Fedora Update for dokuwiki FEDORA-2012-16614
File : nvt/gb_fedora_2012_16614_dokuwiki_fc17.nasl
2012-10-22 Name : FreeBSD Ports: xlockmore, ja-xlockmore
File : nvt/freebsd_xlockmore.nasl
2012-10-19 Name : Fedora Update for mom FEDORA-2012-15496
File : nvt/gb_fedora_2012_15496_mom_fc17.nasl
2012-10-16 Name : Fedora Update for dracut FEDORA-2012-14953
File : nvt/gb_fedora_2012_14953_dracut_fc17.nasl
2012-10-16 Name : Fedora Update for dracut FEDORA-2012-14959
File : nvt/gb_fedora_2012_14959_dracut_fc16.nasl
2012-10-09 Name : Fedora Update for phpldapadmin FEDORA-2012-14344
File : nvt/gb_fedora_2012_14344_phpldapadmin_fc17.nasl
2012-10-09 Name : Fedora Update for phpldapadmin FEDORA-2012-14363
File : nvt/gb_fedora_2012_14363_phpldapadmin_fc16.nasl
2012-09-27 Name : Fedora Update for guacamole-common-js FEDORA-2012-14097
File : nvt/gb_fedora_2012_14097_guacamole-common-js_fc16.nasl
2012-09-27 Name : Fedora Update for guacamole-common FEDORA-2012-14097
File : nvt/gb_fedora_2012_14097_guacamole-common_fc16.nasl
2012-09-27 Name : Fedora Update for guacamole-ext FEDORA-2012-14097
File : nvt/gb_fedora_2012_14097_guacamole-ext_fc16.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
id Description
2015-A-0202 Citrix XenServer Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0061343
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-A-0113 Multiple Vulnerabilities in Juniper Networks CTPOS
Severity: Category I - VMSKEY: V0060737
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2014-A-0172 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0057381
2014-B-0103 Multiple Vulnerabilities in VMware Horizon View Client
Severity: Category I - VMSKEY: V0053509
2014-B-0102 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity: Category I - VMSKEY: V0053507
2014-B-0101 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity: Category I - VMSKEY: V0053505
2014-A-0115 Multiple Vulnerabilities in VMware Horizon View
Severity: Category I - VMSKEY: V0053501
2014-B-0097 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0053319
2014-A-0103 Multiple Vulnerabilities in Oracle E-Business
Severity: Category I - VMSKEY: V0053195
2014-B-0095 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0053177
2014-A-0111 Multiple Vulnerabilities in VMware Workstation
Severity: Category I - VMSKEY: V0053179
2014-A-0110 Multiple Vulnerabilities in VMware Player
Severity: Category I - VMSKEY: V0053181
2014-A-0109 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0053183
2014-A-0100 Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity: Category I - VMSKEY: V0053201
2014-A-0099 Multiple Vulnerabilities in McAfee Email Gateway
Severity: Category I - VMSKEY: V0053203
2014-B-0088 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0052911
2014-B-0089 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0052909
2014-B-0091 Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity: Category I - VMSKEY: V0052907
2014-B-0084 HP Onboard Administrator Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0052901
2014-B-0085 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0052899

Snort® IPS/IDS

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
Date Description
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53506 - Type : SERVER-WEBAPP - Revision : 1
2020-04-25 Horde Groupware Webmail data import PHP code injection attempt
RuleID : 53505 - Type : SERVER-WEBAPP - Revision : 3
2020-03-19 RabbitMQ X-Reason HTTP header denial-of-service attempt
RuleID : 53109 - Type : SERVER-OTHER - Revision : 1
2020-02-25 OpenSSL anonymous ECDH denial of service attempt
RuleID : 52626 - Type : SERVER-OTHER - Revision : 1
2020-02-25 OpenSSL anonymous ECDH denial of service attempt
RuleID : 52625 - Type : SERVER-OTHER - Revision : 1
2020-02-04 dnsmasq crafted OPT record denial of service attempt
RuleID : 52524 - Type : PROTOCOL-DNS - Revision : 1
2020-01-21 OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt
RuleID : 52487 - Type : SERVER-OTHER - Revision : 1
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52307 - Type : FILE-IMAGE - Revision : 1
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52306 - Type : FILE-IMAGE - Revision : 1
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52039 - Type : SERVER-OTHER - Revision : 1
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52038 - Type : SERVER-OTHER - Revision : 1
2019-10-25 Red Hat NetworkManager DHCP client command injection attempt
RuleID : 52022-community - Type : OS-LINUX - Revision : 1
2019-11-26 Red Hat NetworkManager DHCP client command injection attempt
RuleID : 52022 - Type : OS-LINUX - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 52000 - Type : FILE-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 51999 - Type : FILE-OTHER - Revision : 1
2019-11-21 Jenkins CLI arbitrary Java object deserialization attempt
RuleID : 51961 - Type : SERVER-WEBAPP - Revision : 2
2019-09-24 Ruby on Rails render file directory traversal attempt
RuleID : 51261 - Type : SERVER-WEBAPP - Revision : 1
2019-09-24 Ruby on Rails render file directory traversal attempt
RuleID : 51260 - Type : SERVER-WEBAPP - Revision : 1
2019-07-25 Ruby on Rails Active Storage deserialization remote code execution attempt
RuleID : 50504 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. For a complete summary of this CPE, please contact us.
id Description
2019-01-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-1635.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_383931ba181811e992ea448a5b29e8a9.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1140.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4363.nasl - Type: ACT_GATHER_INFO
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1006.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1629.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-166b220ff1.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5f91054677.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_3e41c1a610bc11e9bd85fcaa147e860e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-060302dc83.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-23ca7a6798.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-25674bb48e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2bf852f063.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4544e8dbc8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d6e4bc3f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5ed8fb9efa.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-66547a8c14.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6edf04d9d6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-71fd5db181.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7689556ab2.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7eae87ec86.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-84a1f77d89.nasl - Type: ACT_GATHER_INFO