{"vulnerability": "CVE-2021-2189", "sightings": [{"uuid": "084ded6c-215e-48c7-88ef-d8dbedbec1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21895", "type": "seen", "source": "https://t.me/cibsecurity/34541", "content": "\u203c CVE-2021-21895 \u203c\n\nA directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:44.000000Z"}, {"uuid": "e9d3c240-01d5-49e3-b78c-ccbaf456124e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21899", "type": "seen", "source": "https://t.me/cibsecurity/32733", "content": "\u203c CVE-2021-21899 \u203c\n\nA code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:04.000000Z"}, {"uuid": "e0726eb6-d7a0-4266-9cd8-448626a43e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21898", "type": "seen", "source": "https://t.me/cibsecurity/32729", "content": "\u203c CVE-2021-21898 \u203c\n\nA code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:00.000000Z"}, {"uuid": "5b33e064-1b39-425e-90a6-1622c2b6ee47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21892", "type": "seen", "source": "https://t.me/cibsecurity/34532", "content": "\u203c CVE-2021-21892 \u203c\n\nA stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:29.000000Z"}, {"uuid": "a44c277c-49d9-4451-b91d-19f029dc48b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21897", "type": "seen", "source": "https://t.me/cibsecurity/28510", "content": "\u203c CVE-2021-21897 \u203c\n\nA code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-08T20:45:40.000000Z"}, {"uuid": "cffcc92e-1c5e-49ce-8c4a-aa217d3bfa34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21893", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3935", "content": "#Threat_Research\n1. UaF vulnerabilities in Foxit PDF Reader (CVE-2021-21831, CVE-2021-21870, CVE-2021-21893)\nhttps://blog.talosintelligence.com/2021/07/vulnerability-spotlight-use-after-free.html\n2. Sunhillo SureLine Unauthenticated OS Command Injection (PoC for CVE-2021-36380)\nhttps://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380", "creation_timestamp": "2024-02-03T18:24:47.000000Z"}]}