{"vulnerability": "cve-2021-4179", "sightings": [{"uuid": "c3fa8c2b-8a6a-4a7c-a64f-71748a2aebfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41794", "type": "seen", "source": "https://t.me/cibsecurity/30165", "content": "\u203c CVE-2021-41794 \u203c\n\nogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with \"internet\" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T18:33:55.000000Z"}, {"uuid": "f3c79b41-c3bb-4fc5-ba87-af39bbf8b1ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4179", "type": "seen", "source": "https://t.me/cibsecurity/34702", "content": "\u203c CVE-2021-4179 \u203c\n\nlivehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-28T12:24:27.000000Z"}, {"uuid": "030c4fdf-479a-4bf1-9eb0-17c365badc33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41795", "type": "seen", "source": "https://t.me/cibsecurity/29688", "content": "\u203c CVE-2021-41795 \u203c\n\nThe Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-30T00:37:15.000000Z"}, {"uuid": "51a0ffbc-5132-45cf-a762-6db0decf39ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41794", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/440", "content": "#poc CVE-2021-41794 Exploit the Fuzz\nExploiting Vulnerabilities in 5G Core Networks\nhttps://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks\n\n#CVE-2021-41228 TensorFlow Python Code Injection: More eval() Woes \nhttps://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes\n\n#poc CVE-2021-37580\nhttps://github.com/fengwenhua/CVE-2021-37580", "creation_timestamp": "2021-11-18T00:23:00.000000Z"}]}