{"vulnerability": "CVE-2021-4138", "sightings": [{"uuid": "a09c75c7-5ab6-4191-8307-39bf9a8feb5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41383", "type": "seen", "source": "https://t.me/cibsecurity/29073", "content": "\u203c CVE-2021-41383 \u203c\n\nsetup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-18T00:23:25.000000Z"}, {"uuid": "32d03aa2-8013-4c6e-93b8-fd591161fccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41380", "type": "seen", "source": "https://t.me/cibsecurity/29072", "content": "\u203c CVE-2021-41380 \u203c\n\nRealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-18T00:23:24.000000Z"}, {"uuid": "6addf796-3c43-4479-9723-a873759f3f20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41385", "type": "seen", "source": "https://t.me/cibsecurity/29432", "content": "\u203c CVE-2021-41385 \u203c\n\nThe third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-27T12:34:33.000000Z"}, {"uuid": "2d116eb5-57bd-4616-8d18-eb93d15253b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41388", "type": "seen", "source": "https://t.me/cibsecurity/34968", "content": "\u203c CVE-2021-41388 \u203c\n\nNetskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-05T00:39:28.000000Z"}, {"uuid": "78c0ff67-417e-4bc2-815a-a9cfa19e12da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41387", "type": "seen", "source": "https://t.me/cibsecurity/29078", "content": "\u203c CVE-2021-41387 \u203c\n\nseatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-18T00:23:32.000000Z"}, {"uuid": "91d73379-fa2d-402d-be53-a42bba5f6a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41381", "type": "seen", "source": "https://t.me/cibsecurity/29310", "content": "\u203c CVE-2021-41381 \u203c\n\nPayara Micro Community 5.2021.6 and below allows Directory Traversal.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-23T18:29:29.000000Z"}, {"uuid": "e46283b0-34cb-4039-a5e8-c430c0c1b676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41382", "type": "seen", "source": "https://t.me/cibsecurity/29209", "content": "\u203c CVE-2021-41382 \u203c\n\nPlastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-22T07:28:26.000000Z"}, {"uuid": "d6bb444b-d8e5-4aee-b968-9d5c9dfbdfee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4138", "type": "seen", "source": "https://t.me/cibsecurity/41779", "content": "\u203c CVE-2021-4138 \u203c\n\nImproved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T19:07:25.000000Z"}]}