Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-33289 Out-of-bounds Write vulnerability in multiple products
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8
2021-09-07 CVE-2021-35268 Out-of-bounds Write vulnerability in multiple products
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8
2021-09-07 CVE-2021-35269 Out-of-bounds Write vulnerability in multiple products
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project fedoraproject mozilla CWE-327
5.9
2021-09-06 CVE-2021-40530 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
cryptopp fedoraproject CWE-327
5.9
2021-09-06 CVE-2021-3770 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject netapp CWE-122
7.8
2021-09-03 CVE-2021-30606 Use After Free vulnerability in multiple products
Chromium: CVE-2021-30606 Use after free in Blink
network
low complexity
microsoft fedoraproject CWE-416
8.8
2021-09-03 CVE-2021-30607 Use After Free vulnerability in multiple products
Chromium: CVE-2021-30607 Use after free in Permissions
network
low complexity
fedoraproject microsoft CWE-416
8.8
2021-09-03 CVE-2021-30608 Use After Free vulnerability in multiple products
Chromium: CVE-2021-30608 Use after free in Web Share
network
low complexity
fedoraproject microsoft CWE-416
8.8
2021-09-03 CVE-2021-30609 Use After Free vulnerability in multiple products
Chromium: CVE-2021-30609 Use after free in Sign-In
network
low complexity
fedoraproject microsoft CWE-416
8.8