{"vulnerability": "CVE-2021-4083", "sightings": [{"uuid": "62694e64-9d39-43d9-818f-b8e01823345b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40837", "type": "seen", "source": "https://t.me/cibsecurity/37058", "content": "\u203c CVE-2021-40837 \u203c\n\nA vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T16:12:53.000000Z"}, {"uuid": "3943c2b0-836d-4c7c-8f85-a3f20380759b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40835", "type": "seen", "source": "https://t.me/cibsecurity/34135", "content": "\u203c CVE-2021-40835 \u203c\n\nAn URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. 
The fix is, browser no longer shows the user name part in address bar.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T14:35:51.000000Z"}, {"uuid": "76c5d44f-dee9-4ed3-8c57-2813e43b695c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40831", "type": "seen", "source": "https://t.me/cibsecurity/32836", "content": "\u203c CVE-2021-40831 \u203c\n\nThe AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been \u201coverridden\u201d. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system\u2019s default trust-store. Attackers with access to a host\u2019s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. 
Amazon Web Services AWS-C-IO 0.10.7 on macOS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-23T02:20:18.000000Z"}, {"uuid": "46f4f675-ef9e-4a62-99c7-7d9fb12d03f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4083", "type": "seen", "source": "https://t.me/cibsecurity/35728", "content": "\u203c CVE-2021-4083 \u203c\n\nA read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-18T20:25:03.000000Z"}, {"uuid": "ff761a4b-1936-4b1f-a0e1-fce2f13a5e96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40836", "type": "seen", "source": "https://t.me/cibsecurity/34491", "content": "\u203c CVE-2021-40836 \u203c\n\nA vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 
Fixed in Capricorn update 2021-12-13_07.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T14:17:55.000000Z"}, {"uuid": "71912193-36a0-4502-8a67-1c6c85b15df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4083", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html", "content": "", "creation_timestamp": "2022-08-10T23:00:00.000000Z"}, {"uuid": "f46d7db2-6981-4a83-ac74-c9fefe02d9cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40836", "type": "seen", "source": "https://t.me/avdno/1114", "content": "All products of the Finnish company F-Secure were affected by the DoS vulnerability CVE-2021-40836. When scanning a specially crafted .pst file, the F-Secure engine crashed and stopped working. The vulnerability could be exploited locally and remotely. 
\n\nA patch is already available: https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40836", "creation_timestamp": "2024-02-27T17:35:20.000000Z"}, {"uuid": "8146e97a-3aea-48d3-a8ab-cfa5e1e73423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40834", "type": "seen", "source": "https://t.me/cibsecurity/33734", "content": "\u203c CVE-2021-40834 \u203c\n\nA user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-10T16:25:02.000000Z"}, {"uuid": "9bd82dba-e75a-414f-b07f-0c3ba7480b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40833", "type": "seen", "source": "https://t.me/cibsecurity/33001", "content": "\u203c CVE-2021-40833 \u203c\n\nA vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. 
A successful attack will result in denial-of-service of the antivirus engine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-26T20:29:55.000000Z"}, {"uuid": "58f831ce-6df4-4a97-ad8d-e240b1c716f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40830", "type": "seen", "source": "https://t.me/cibsecurity/32832", "content": "\u203c CVE-2021-40830 \u203c\n\nThe AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system\u2019s default trust-store. Attackers with access to a host\u2019s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. 
Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-23T02:20:08.000000Z"}, {"uuid": "2183a1ab-a25e-48df-a4b0-a1f0b84691e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40832", "type": "seen", "source": "https://t.me/cibsecurity/30234", "content": "\u203c CVE-2021-40832 \u203c\n\nA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T14:40:04.000000Z"}]}