CVE-2021-35268
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow
CVSS
7.8
Alto
EPSS
0.5%
p38
KEV
—
Exploit Today
11
0-100
Publicado: 7 sept 2021 · Última mod.: 9 jul 2026 · CWE-787 · CWE-20
0.4%EPSS · 30 días0.5%
2026-06-302026-07-17
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2021/08/30/1
- github.comhttps://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- lists.debian.orghttps://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
- lists.fedoraproject.orghttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- lists.fedoraproject.orghttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- security.gentoo.orghttps://security.gentoo.org/glsa/202301-01
- www.debian.orghttps://www.debian.org/security/2021/dsa-4971
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2021/08/30/1
- github.comhttps://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- lists.debian.orghttps://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
- lists.fedoraproject.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- lists.fedoraproject.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- security.gentoo.orghttps://security.gentoo.org/glsa/202301-01
- www.debian.orghttps://www.debian.org/security/2021/dsa-4971
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability4dCVE-2026-125699.8 CRÍ66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability18dCVE-2026-435007.8 ALT99.8%
——30In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE
handler in rxrpc_verify_response() copy the skb to a linear one before
calling into the security ops only when skb_cloned() is true. An skb
that is not cloned but still carries externally-owned paged fragments
(e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via
__ip_append_data, or a chained skb_has_frag_list()) falls through to
the in-place decryption path, which binds the frag pages directly into
the AEAD/skcipher SGL via skb_to_sgvec().
Extend the gate to also unshare when skb_has_frag_list() or
skb_has_shared_frag() is true. This catches the splice-loopback vector
and other externally-shared frag sources while preserving the
zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC
page_pool RX, GRO). The OOM/trace handling already in place is reused.4dCVE-2018-250327.5 ALT98.8%
——30zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.4dCVE-2025-154678.8 ALT98.7%
——30Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with
maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.
Because the overflow occurs prior to authentication, no valid key material
is required to trigger it. While exploitability to remote code execution
depends on platform and toolchain mitigations, the stack-based write
primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.4dCVE-2025-607877.2 ALT97.0%
——29MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.14d