{"vulnerability": "CVE-2021-2025", "sightings": [{"uuid": "cba816d3-4b78-4cb5-8c1c-e9bf8f017183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20257", "type": "seen", "source": "https://t.me/cibsecurity/39039", "content": "\u203c CVE-2021-20257 \u203c\n\nAn infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T17:20:44.000000Z"}, {"uuid": "9df12578-980f-47d3-b916-d76305e9d04e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20253", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2105", "content": "#exploit\n1. CVE-2023-26269:\nMisconfigured JMX in Apache James\nhttps://github.com/mbadanoiu/CVE-2023-26269\n\n2. CVE-2023-34468:\nRCE via DB Components in Apache NiFi\nhttps://github.com/mbadanoiu/CVE-2023-34468\n\n3. CVE-2021-20253:\nPrivilege Escalation via Job Isolation Escape in Ansible Tower\nhttps://github.com/mbadanoiu/CVE-2021-20253", "creation_timestamp": "2024-08-16T08:52:58.000000Z"}, {"uuid": "91a2850e-8adb-45b4-a350-65aacc1849b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20253", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2109", "content": "https://github.com/mbadanoiu/CVE-2021-20253\nPrivilege Escalation via Job Isolation Escape in Ansible Tower\n#github", "creation_timestamp": "2024-08-16T08:52:59.000000Z"}, {"uuid": "538db1ad-40be-4489-8922-e4b9f102dad1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2021-20255", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "255959dc-2745-4188-ba90-33df42247e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20253", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3598", "content": "https://github.com/mbadanoiu/CVE-2021-20253\nPrivilege Escalation via Job Isolation Escape in Ansible Tower\n#github", "creation_timestamp": "2023-11-26T06:03:23.000000Z"}, {"uuid": "195c13ed-0cfe-4844-b90d-c86be106b66d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20257", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5977", "content": "|       CVE-2021-3569   2.1     https://vulners.com/cve/CVE-2021-3569\n|       CVE-2021-3527   2.1     https://vulners.com/cve/CVE-2021-3527                               |       CVE-2021-3446   2.1     https://vulners.com/cve/CVE-2021-3446                               |       CVE-2021-3416   2.1     https://vulners.com/cve/CVE-2021-3416                               |       CVE-2021-20320  2.1     https://vulners.com/cve/CVE-2021-20320\n|       CVE-2021-20297  2.1     https://vulners.com/cve/CVE-2021-20297                              |       CVE-2021-20257  2.1     https://vulners.com/cve/CVE-2021-20257                              |       CVE-2021-20239  2.1     https://vulners.com/cve/CVE-2021-20239                              |       CVE-2021-20221  2.1     https://vulners.com/cve/CVE-2021-20221\n|       CVE-2020-25743  2.1     https://vulners.com/cve/CVE-2020-25743\n|       CVE-2020-12458  2.1     https://vulners.com/cve/CVE-2020-12458\n|       CVE-2020-10756  2.1     https://vulners.com/cve/CVE-2020-10756\n|       CVE-2019-18391  2.1     https://vulners.com/cve/CVE-2019-18391\n|       CVE-2019-14826  2.1     https://vulners.com/cve/CVE-2019-14826\n|       CVE-2019-13313  2.1     https://vulners.com/cve/CVE-2019-13313                              |       CVE-2019-12067  2.1     https://vulners.com/cve/CVE-2019-12067                              |       CVE-2019-11884  2.1     https://vulners.com/cve/CVE-2019-11884                              |       CVE-2019-11833  2.1     https://vulners.com/cve/CVE-2019-11833                              |       CVE-2019-11135  2.1     https://vulners.com/cve/CVE-2019-11135                              |       CVE-2019-10183  2.1     https://vulners.com/cve/CVE-2019-10183                              |       CVE-2018-16878  2.1     https://vulners.com/cve/CVE-2018-16878                              |       CVE-2004-0554   2.1     https://vulners.com/cve/CVE-2004-0554                               |       1AC912AC-B7DA-5F88-B22A-12B17E5D1D5C    2.1       https://vulners.com/githubexploit/1AC912AC-B7DA-5F88-B22A-12B17E5D1D5C    *EXPLOIT*\n|       CVE-2023-1289   1.9     https://vulners.com/cve/CVE-2023-1289\n|       CVE-2022-25310  1.9     https://vulners.com/cve/CVE-2022-25310                              |       CVE-2022-25309  1.9     https://vulners.com/cve/CVE-2022-25309                              |       CVE-2021-4217   1.9     https://vulners.com/cve/CVE-2021-4217                               |       CVE-2021-3753   1.9     https://vulners.com/cve/CVE-2021-3753                               |       CVE-2021-3602   1.9     https://vulners.com/cve/CVE-2021-3602                               |       CVE-2020-25656  1.9     https://vulners.com/cve/CVE-2020-25656                              |       CVE-2019-2634   1.9     https://vulners.com/cve/CVE-2019-2634                               |       CVE-2019-2535   1.9     https://vulners.com/cve/CVE-2019-2535                               |       CVE-2019-18660  1.9     https://vulners.com/cve/CVE-2019-18660\n|       PRION:CVE-2023-22024    1.7     https://vulners.com/prion/PRION:CVE-2023-22024\n|       CVE-2023-3161   1.7     https://vulners.com/cve/CVE-2023-3161\n|       CVE-2023-28328  1.7     https://vulners.com/cve/CVE-2023-28328\n|       CVE-2023-28327  1.7     https://vulners.com/cve/CVE-2023-28327\n|       CVE-2023-2700   1.7     https://vulners.com/cve/CVE-2023-2700\n|       CVE-2023-2602   1.7     https://vulners.com/cve/CVE-2023-2602\n|       CVE-2023-1981   1.7     https://vulners.com/cve/CVE-2023-1981\n|       CVE-2023-1095   1.7     https://vulners.com/cve/CVE-2023-1095                               |       CVE-2022-2153   1.7     https://vulners.com/cve/CVE-2022-2153\n|       CVE-2022-1263   1.7     https://vulners.com/cve/CVE-2022-1263", "creation_timestamp": "2023-11-15T16:53:03.000000Z"}, {"uuid": "59ddecc0-9170-4bff-8eef-e1d8e6fc337e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20251", "type": "seen", "source": "https://t.me/cibsecurity/59544", "content": "\u203c CVE-2021-20251 \u203c\n\nA flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T02:13:37.000000Z"}, {"uuid": "05cb2f72-db6a-4eaf-8847-ab9f100e2ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20253", "type": "seen", "source": "https://t.me/cibsecurity/24625", "content": "\u203c CVE-2021-20253 \u203c\n\nA flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-09T20:51:48.000000Z"}, {"uuid": "f932ab4d-b2dd-44da-b15a-5e5e9141872d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20255", "type": "seen", "source": "https://t.me/cibsecurity/24652", "content": "\u203c CVE-2021-20255 \u203c\n\nA stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-09T22:52:01.000000Z"}, {"uuid": "0efbfed3-5441-4e0c-9ba5-07cde2d303f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20252", "type": "seen", "source": "https://t.me/cibsecurity/24050", "content": "\u203c CVE-2021-20252 \u203c\n\nA flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-24T02:35:33.000000Z"}, {"uuid": "4d7db257-e8a1-4c31-9a52-0c64e4894544", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20256", "type": "seen", "source": "https://t.me/cibsecurity/24047", "content": "\u203c CVE-2021-20256 \u203c\n\nA flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-24T02:35:27.000000Z"}, {"uuid": "27d61a62-ce1d-40de-bd10-88806c1ea179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2025", "type": "seen", "source": "https://t.me/cibsecurity/22413", "content": "\u203c CVE-2021-2025 \u203c\n\nVulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T18:40:51.000000Z"}, {"uuid": "a984f504-446d-460c-853d-162d1a0eed59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20253", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1584", "content": "https://github.com/mbadanoiu/CVE-2021-20253\nPrivilege Escalation via Job Isolation Escape in Ansible Tower\n#github", "creation_timestamp": "2023-11-26T06:00:26.000000Z"}, {"uuid": "c3e30d1c-a20d-4310-8528-cddc93ef64bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-20253", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9465", "content": "#exploit\n1. CVE-2023-26269:\nMisconfigured JMX in Apache James\nhttps://github.com/mbadanoiu/CVE-2023-26269\n\n2. CVE-2023-34468:\nRCE via DB Components in Apache NiFi\nhttps://github.com/mbadanoiu/CVE-2023-34468\n\n3. CVE-2021-20253:\nPrivilege Escalation via Job Isolation Escape in Ansible Tower\nhttps://github.com/mbadanoiu/CVE-2021-20253", "creation_timestamp": "2023-11-26T12:45:59.000000Z"}]}