{"vulnerability": "cve-2021-3680", "sightings": [{"uuid": "81292ddb-5a1d-47ad-b313-e691c261aa33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36809", "type": "seen", "source": "https://t.me/cibsecurity/38523", "content": "\u203c CVE-2021-36809 \u203c\n\nA local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-08T02:40:14.000000Z"}, {"uuid": "201a1819-7348-46a5-8402-0cc1fbfcf514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36807", "type": "seen", "source": "https://t.me/cibsecurity/32994", "content": "\u203c CVE-2021-36807 \u203c\n\nAn authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-26T18:29:42.000000Z"}, {"uuid": "d93f0ee4-6020-4951-8378-88689450f509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36804", "type": "seen", "source": "https://t.me/cibsecurity/26872", "content": "\u203c CVE-2021-36804 \u203c\n\nAkaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. 
Please note that this issue is ultimately caused by the defaults provided by the Laravel framework, specifically how proxy headers are handled with respect to multi-tenant implementations. In other words, while this is not technically a vulnerability in Laravel, this default configuration is very likely to lead to practically identical vulnerabilities in Laravel projects that implement multi-tenant applications.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-05T03:23:19.000000Z"}, {"uuid": "9fe27a85-b001-42f1-b122-36cfeb4e5cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36805", "type": "seen", "source": "https://t.me/cibsecurity/26873", "content": "\u203c CVE-2021-36805 \u203c\n\nAkaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. 
This issue was fixed in version 2.1.13 of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-05T03:23:20.000000Z"}, {"uuid": "f15d56f9-4563-4327-aebe-360d9291a435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3680", "type": "seen", "source": "https://t.me/cibsecurity/26796", "content": "\u203c CVE-2021-3680 \u203c\n\nshowdoc is vulnerable to Missing Cryptographic Step\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-04T16:31:18.000000Z"}, {"uuid": "8489785d-6e3e-42c7-b86c-e48f7d84e475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36800", "type": "seen", "source": "https://t.me/cibsecurity/26866", "content": "\u203c CVE-2021-36800 \u203c\n\nAkaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-05T03:23:12.000000Z"}, {"uuid": "1892e03c-a886-4228-8024-f30677478f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36801", "type": "seen", "source": "https://t.me/cibsecurity/26868", "content": "\u203c CVE-2021-36801 \u203c\n\nAkaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. 
This issue was fixed in version 2.1.13 of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-05T03:23:14.000000Z"}, {"uuid": "cd48cec5-faa6-421d-93c9-96ff145b5dd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36803", "type": "seen", "source": "https://t.me/cibsecurity/26867", "content": "\u203c CVE-2021-36803 \u203c\n\nAkaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-05T03:23:13.000000Z"}, {"uuid": "9058a089-d551-481e-9074-6dab3a7089cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36802", "type": "seen", "source": "https://t.me/cibsecurity/26870", "content": "\u203c CVE-2021-36802 \u203c\n\nAkaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. 
This issue was fixed in version 2.1.13 of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-05T03:23:16.000000Z"}, {"uuid": "f6eb2fee-ed4c-4e56-9e00-f4dc5aec2e53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36808", "type": "seen", "source": "https://t.me/cibsecurity/31493", "content": "\u203c CVE-2021-36808 \u203c\n\nA local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-30T16:19:43.000000Z"}, {"uuid": "07fb8e0a-e2b9-4a93-bb8a-55108c2d06d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-36806", "type": "seen", "source": "https://t.me/ctinow/157096", "content": "https://ift.tt/uO9lKEM\nCVE-2021-36806 | Sophos Email Appliance 4.5.3.3 cross site scripting", "creation_timestamp": "2023-12-20T15:48:03.000000Z"}]}