{"vulnerability": "CVE-2021-3653", "sightings": [{"uuid": "62786b93-8654-41e3-aff2-8a7981f0deac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36538", "type": "seen", "source": "https://t.me/cibsecurity/57495", "content": "\u203c CVE-2021-36538 \u203c\n\nCross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:25:48.000000Z"}, {"uuid": "235c7630-a8c2-4ecb-8034-ebbd856d3459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36535", "type": "seen", "source": "https://t.me/cibsecurity/57481", "content": "\u203c CVE-2021-36535 \u203c\n\nBuffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:21:01.000000Z"}, {"uuid": "5016f9bd-d649-42ca-8851-805f24ef74b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36532", "type": "seen", "source": "https://t.me/cibsecurity/57473", "content": "\u203c CVE-2021-36532 \u203c\n\nRace condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:20:49.000000Z"}, {"uuid": "05f47f5d-6d1a-4723-bcc7-428a64953878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36538", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8878", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36538\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:20:39.444Z\n\ud83d\udd17 References:\n1. https://gist.github.com/miglen/b09498b4b9fe1be58973bd474af125ab", "creation_timestamp": "2025-03-26T16:25:08.000000Z"}, {"uuid": "6d3fdeac-68bd-4367-9d2d-8ce4d53740e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36535", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8912", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36535\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:21:34.580Z\n\ud83d\udd17 References:\n1. https://github.com/cesanta/mjs/issues/175", "creation_timestamp": "2025-03-26T17:25:42.000000Z"}, {"uuid": "c79c4422-2a6f-4d60-b7c4-269abee18115", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36531", "type": "seen", "source": "https://t.me/cibsecurity/27953", "content": "\u203c CVE-2021-36531 \u203c\n\nngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T20:28:15.000000Z"}, {"uuid": "0062b93f-da35-4e92-b6e6-823470afaca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36530", "type": "seen", "source": "https://t.me/cibsecurity/27952", "content": "\u203c CVE-2021-36530 \u203c\n\nngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T20:28:14.000000Z"}, {"uuid": "639ddcef-c9dd-47b7-8596-335ea99dfb48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3653", "type": "seen", "source": "https://t.me/cibsecurity/29689", "content": "\u203c CVE-2021-3653 \u203c\n\nA flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-30T00:37:16.000000Z"}]}