{"vulnerability": "cve-2021-3060", "sightings": [{"uuid": "6d186e8a-feaa-4b6c-9857-c9810af2c15b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30603", "type": "seen", "source": "https://t.me/cibsecurity/27922", "content": "\u203c CVE-2021-30603 \u203c\n\nData race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:51.000000Z"}, {"uuid": "2c1f651e-1592-4b9a-9d22-06d3a3c8e792", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30602", "type": "seen", "source": "https://t.me/cibsecurity/27919", "content": "\u203c CVE-2021-30602 \u203c\n\nUse after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:45.000000Z"}, {"uuid": "c9824696-4317-405a-921f-1e8cb481a91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30601", "type": "seen", "source": "https://t.me/cibsecurity/27915", "content": "\u203c CVE-2021-30601 \u203c\n\nUse after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:37.000000Z"}, {"uuid": "70af47f5-51d9-4dc1-bb0d-54522a18ed23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30602", "type": "seen", "source": "https://t.me/BlueRedTeam/1190", "content": "#exploit\n\nCVE-2021-30602:\nGoogle Chrome WebRTC addIceCandidate UaF vulnerability\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2021-1348\n\n@BlueRedTeam", "creation_timestamp": "2021-11-18T04:33:52.000000Z"}, {"uuid": "34063e6f-6290-418a-a869-82723e15dc39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3060", "type": "seen", "source": "https://t.me/cibsecurity/32199", "content": "\u203c CVE-2021-3060 \u203c\n\nAn OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T20:36:52.000000Z"}, {"uuid": "b9a5f9b7-9992-4448-94a7-d7b61cc894e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30604", "type": "seen", "source": "https://t.me/cibsecurity/27925", "content": "\u203c CVE-2021-30604 \u203c\n\nUse after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:56.000000Z"}, {"uuid": "17ba4899-9ee4-491a-a2a8-5ca8a4fe2c3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30605", "type": "seen", "source": "https://t.me/cibsecurity/28540", "content": "\u203c CVE-2021-30605 \u203c\n\nInappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T00:28:59.000000Z"}, {"uuid": "d468c565-5788-47a5-af32-b68c4878549f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30602", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4780", "content": "#exploit\nCVE-2021-30602:\nGoogle Chrome WebRTC addIceCandidate UaF vulnerability\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2021-1348", "creation_timestamp": "2021-11-18T11:00:28.000000Z"}]}