Fedoraproject: >> Fedora >> 33 Security Vulnerabilities
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
CVSS Score
6.4
EPSS Score
0.001
Published
2021-09-08
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-09-08
The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-07
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-09-07
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-09-07
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-09-07
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-09-07
A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-09-07
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-09-07
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-09-07