{"vulnerability": "cve-2021-3848", "sightings": [{"uuid": "ade2e95e-82d1-4974-b150-b496f114e01b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38483", "type": "seen", "source": "https://t.me/cibsecurity/41180", "content": "\u203c CVE-2021-38483 \u203c\n\nThe affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T20:25:48.000000Z"}, {"uuid": "f418aae8-5403-4b84-b424-39c9de6cb342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38487", "type": "seen", "source": "Telegram/cQZzk_K0ABmW-6za7II0G9o-Haf4t2Ojf8lHiLTYD-0gOdrQ", "content": "", "creation_timestamp": "2025-02-06T02:43:28.000000Z"}, {"uuid": "7e4849a6-074c-4c4b-9320-cc69cea5018d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38487", "type": "seen", "source": "https://t.me/cibsecurity/42001", "content": "\u203c CVE-2021-38487 \u203c\n\nRTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T20:36:34.000000Z"}, {"uuid": "1235190a-6860-4403-b2c0-6d6eea24bdb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3848", "type": "seen", "source": "https://t.me/cibsecurity/30026", "content": "\u203c CVE-2021-3848 \u203c\n\nAn arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-06T14:31:47.000000Z"}, {"uuid": "44e0e580-3f6c-4591-8b5c-266c9fe34189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38488", "type": "seen", "source": "https://t.me/cibsecurity/31783", "content": "\u203c CVE-2021-38488 \u203c\n\nDelta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:36.000000Z"}, {"uuid": "a289374b-43d7-470b-ac81-dd34bca0e139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38481", "type": "seen", "source": "https://t.me/cibsecurity/31020", "content": "\u203c CVE-2021-38481 \u203c\n\nThe scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T16:39:17.000000Z"}, {"uuid": "ba870840-c518-410d-9b95-48b8eb2aeae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38480", "type": "seen", "source": "https://t.me/cibsecurity/30762", "content": "\u203c CVE-2021-38480 \u203c\n\nInHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router\u00e2\u20ac\u2122s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-19T16:33:25.000000Z"}, {"uuid": "d30df697-a427-4165-a5d8-db9cb491ba50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38484", "type": "seen", "source": "https://t.me/cibsecurity/30761", "content": "\u203c CVE-2021-38484 \u203c\n\nInHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-19T16:33:24.000000Z"}, {"uuid": "bf53033e-136d-4ba2-af70-f1a8da558afc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38485", "type": "seen", "source": "https://t.me/cibsecurity/31043", "content": "\u203c CVE-2021-38485 \u203c\n\nThe affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T18:39:21.000000Z"}, {"uuid": "32393a65-3b44-4cf1-b50d-a0481bf524c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38486", "type": "seen", "source": "https://t.me/cibsecurity/30757", "content": "\u203c CVE-2021-38486 \u203c\n\nInHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-19T16:33:17.000000Z"}]}