Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-39254 | Integer Overflow or Wraparound vulnerability in multiple products A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. | 7.8 |
| 2021-09-07 | CVE-2021-33285 | Out-of-bounds Write vulnerability in multiple products In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. | 7.8 |
| 2021-09-07 | CVE-2021-33289 | Out-of-bounds Write vulnerability in multiple products In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | 7.8 |
| 2021-09-07 | CVE-2021-35268 | Out-of-bounds Write vulnerability in multiple products In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | 7.8 |
| 2021-09-07 | CVE-2021-35269 | Out-of-bounds Write vulnerability in multiple products NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | 7.8 |
| 2021-09-06 | CVE-2021-40529 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
| 2021-09-06 | CVE-2021-40530 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
| 2021-09-06 | CVE-2021-3770 | Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
| 2021-09-03 | CVE-2021-30606 | Use After Free vulnerability in multiple products Chromium: CVE-2021-30606 Use after free in Blink | 8.8 |
| 2021-09-03 | CVE-2021-30607 | Use After Free vulnerability in multiple products Chromium: CVE-2021-30607 Use after free in Permissions | 8.8 |