Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2021-40839 | HIGH | CVSS 7.5 | v34, v35 | 2021-09-10
CWE-835: The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
nvd
CVE-2021-21897 | HIGH | CVSS 8.8 | v35, v36, +1 more | 2021-09-08
CWE-191: A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-21996 | HIGH | CVSS 7.5 | v33, v34, +1 more | 2021-09-08
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
nvd
CVE-2021-40346 | HIGH | CVSS 7.5 | v33, v34 | 2021-09-08
CWE-190: An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
nvd
CVE-2021-28701 | HIGH | CVSS 7.8 | v33, v34, +1 more | 2021-09-08
CWE-362: Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervi
nvd
CVE-2021-22004 | MEDIUM | CVSS 6.4 | v33, v34, +1 more | 2021-09-08
CWE-362: An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
nvd
CVE-2021-33285 | HIGH | CVSS 7.8 | v33, v34, +1 more | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is
nvd
CVE-2021-35269 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-787: NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is set up in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
nvd
CVE-2021-35267 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-787: NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
nvd
CVE-2021-39254 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-190: A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
nvd
CVE-2021-39252 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-125: A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
nvd
CVE-2021-39251 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-476: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
nvd
CVE-2021-35266 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
nvd
CVE-2021-33289 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
nvd
CVE-2021-33287 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
nvd
CVE-2021-35268 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
nvd
CVE-2021-39253 | HIGH | CVSS 7.8 | v33, v35 | 2021-09-07
CWE-125: A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
nvd
CVE-2020-19752 | HIGH | CVSS 7.5 | v33, v34 | 2021-09-07
CWE-476: The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
nvd
CVE-2021-40530 | MEDIUM | CVSS 5.9 | v33, v34, +1 more | 2021-09-06
CWE-327: The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration att
nvd
CVE-2021-40529 | MEDIUM | CVSS 5.9 | v34, v35 | 2021-09-06
CWE-327: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exp
nvd