{"vulnerability": "CVE-2021-4052", "sightings": [{"uuid": "e1f6b8ae-e032-4bec-805d-f73ab5964b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40524", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2mzlel7dr27", "content": "", "creation_timestamp": "2025-10-07T21:02:43.534103Z"}, {"uuid": "020b200b-6ab1-4f2b-bf7a-72175ccdc57f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40520", "type": "seen", "source": "https://t.me/cibsecurity/32185", "content": "\u203c CVE-2021-40520 \u203c\n\nAirangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T20:36:34.000000Z"}, {"uuid": "1eab5c3c-7b0f-4db4-aa05-7adb980d4aae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40521", "type": "seen", "source": "https://t.me/cibsecurity/32174", "content": "\u203c CVE-2021-40521 \u203c\n\nAirangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T18:36:52.000000Z"}, {"uuid": "b4633a8f-cb15-4c3c-a36d-54781b7fa9d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40524", "type": "seen", "source": "https://t.me/cibsecurity/28268", "content": "\u203c CVE-2021-40524 \u203c\n\nIn Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. 
This occurs because a certain greater-than-zero test does not anticipate an initial -1 value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-05T22:39:46.000000Z"}, {"uuid": "9912c44b-ea40-44b0-828e-83892bd146aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40525", "type": "seen", "source": "https://t.me/cibsecurity/36971", "content": "\u203c CVE-2022-22931 \u203c\n\nFix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T22:35:25.000000Z"}, {"uuid": "e932fc6d-8b11-4cdb-b384-d88af81fa58e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40523", "type": "seen", "source": "https://t.me/cibsecurity/28270", "content": "\u203c CVE-2021-40523 \u203c\n\nIn Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. 
Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-05T22:39:48.000000Z"}, {"uuid": "c0c2be8b-1acd-4209-a868-fcd9727f0fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4052", "type": "seen", "source": "https://t.me/true_secator/2418", "content": "Google has released security updates for Chrome, fixing a total of 20 vulnerabilities. Of these, 16 were discovered by outside specialists through the rewards program.\n \nOf the 16 bugs, 15 are rated high severity, and almost all of them were, in a way, the result of fixing other flaws in various browser components.\n \nThe most serious of the issues concerns the web apps component. CVE-2021-4052 was disclosed by Wei Yuan of MoyunSec VLab, who earned 15,000 dollars. The next one, CVE-2021-4053 in the Chrome user interface component, brought the researcher 10,000. And 5,000 and 1,000 dollars in bug bounty were paid for the discovery of CVE-2021-4054 and CVE-2021-4055, related to a buffer overflow in extensions and flaws in autofill.\n \nThe remaining rewards are not disclosed, but it is known that rewards went for the identification of 5 use-after-free vulnerabilities, fixed in the components: API, developer tools, screen capture, autofill and window manager. Other bugs also include a heap buffer overflow (in ANGLE and BFCache), type confusion (in the loader and V8), insufficient data validation in the loader and an integer underflow in ANGLE.\n \nGoogle also resolved a low-severity issue, CVE-2021-4068, described as \"insufficient validation of untrusted input in the new tab page\", which brought its author a reward (albeit a token one) of 500 greenbacks.\n \nThe updated version, Chrome 96.0.4664.93, is available for users of Windows, Mac and Linux, and is waiting for your clicks.", "creation_timestamp": "2021-12-08T07:35:16.000000Z"}, {"uuid": "153ef367-21b1-4742-bd97-f0f08f12b0f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40527", "type": "seen", "source": "https://t.me/cibsecurity/31109", "content": "\u203c CVE-2021-40527 \u203c\n\nExposure of sensitive information to an unauthorised actor in the \"com.onepeloton.erlich\" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T14:13:28.000000Z"}, {"uuid": "bd629ff4-2937-46fa-b949-ff31c059192b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40526", "type": "seen", "source": "https://t.me/cibsecurity/31110", "content": "\u203c CVE-2021-40526 \u203c\n\nIncorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the 
network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T14:13:29.000000Z"}]}