Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a
read-write NTFS driver for FUSE, due to incorrect validation of some of
the NTFS metadata. A local user can take advantage of this flaw for
local root privilege escalation.
Category Archives: Advisories
CVE-2021-39077 (security_guardium)
“IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.”
CVE-2021-36906
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
CVE-2021-37823 (opencart)
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
CVE-2020-22820
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
CVE-2020-22818
USN-5713-1: Python vulnerability
Devin Jeanpierre discovered that Python incorrectly handled sockets when
the multiprocessing module was being used. A local attacker could possibly
use this issue to execute arbitrary code and escalate privileges.
USN-5712-1: SQLite vulnerability
It was discovered that SQLite did not properly handle large string
inputs in certain circumstances. An attacker could possibly use this
issue to cause a denial of service or arbitrary code execution.
USN-5711-2: NTFS-3G vulnerability
USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides
the corresponding update for Ubuntu 14.04 ESM Ubuntu 16.04 ESM.
Original advisory details:
Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated
certain NTFS metadata. A local attacker could possibly use this issue to
gain privileges.