{"vulnerability": "CVE-2021-3859", "sightings": [{"uuid": "23e67827-d96b-466f-8f2d-531c20dc814e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38598", "type": "seen", "source": "https://t.me/cibsecurity/27673", "content": "\u203c CVE-2021-38598 \u203c\n\nOpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T12:22:42.000000Z"}, {"uuid": "6d1987d2-7d71-4715-ba94-dac1a14a9e6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38593", "type": "seen", "source": "https://t.me/cibsecurity/27210", "content": "\u203c CVE-2021-38593 \u203c\n\nQt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T07:39:14.000000Z"}, {"uuid": "c4b94454-4fb5-498f-9e38-4fa7d5accc98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38597", "type": "seen", "source": "https://t.me/cibsecurity/27233", "content": "\u203c CVE-2021-38597 \u203c\n\nwolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T18:39:58.000000Z"}, {"uuid": "bb264c98-0f23-4544-9875-4221c7f70772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38591", "type": "seen", "source": "https://t.me/cibsecurity/27209", "content": "\u203c CVE-2021-38591 \u203c\n\nAn issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T07:39:13.000000Z"}, {"uuid": "8b33ade2-e3a6-4dfc-bbcd-8c26e10e67bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3859", "type": "seen", "source": "https://t.me/arpsyndicate/3142", "content": "#ExploitObserverAlert\n\nCVE-2021-3859\n\nDESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2021-3859. A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.\n\nFIRST-EPSS: 0.003750000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T01:00:15.000000Z"}, {"uuid": "e14c05fb-448c-49a7-827c-d9234ed336d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3859", "type": "seen", "source": "https://t.me/cibsecurity/48888", "content": "\u203c CVE-2021-3859 \u203c\n\nA flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-26T20:30:13.000000Z"}, {"uuid": "eec1e3a3-6928-4a16-909e-319751e00ae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38592", "type": "seen", "source": "https://t.me/cibsecurity/27208", "content": "\u203c CVE-2021-38592 \u203c\n\nWasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T07:39:12.000000Z"}, {"uuid": "a8782345-12a5-4b31-a329-952c9cda9181", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38599", "type": "seen", "source": "https://t.me/cibsecurity/27246", "content": "\u203c CVE-2021-38599 \u203c\n\nWAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because \"the user likely wanted to encrypt all file activity.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T20:39:04.000000Z"}]}