{"vulnerability": "cve-2021-4213", "sightings": [{"uuid": "2950adf6-9179-4649-b999-ff5b2b8aa503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42132", "type": "seen", "source": "https://t.me/cibsecurity/33453", "content": "\u203c CVE-2021-42132 \u203c\n\nA command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:22:04.000000Z"}, {"uuid": "99caeba4-028a-44b5-90fc-c3add4d10e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42133", "type": "seen", "source": "https://t.me/cibsecurity/33437", "content": "\u203c CVE-2021-42133 \u203c\n\nAn exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:41.000000Z"}, {"uuid": "a1979a44-d731-4186-ba8a-59772d13999c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42130", "type": "seen", "source": "https://t.me/cibsecurity/33445", "content": "\u203c CVE-2021-42130 \u203c\n\nA deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:51.000000Z"}, {"uuid": "1ef8cd17-d9db-4e9e-b58b-d7906a0876f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42131", "type": "seen", "source": "https://t.me/cibsecurity/33447", "content": "\u203c CVE-2021-42131 \u203c\n\nA SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:56.000000Z"}, {"uuid": "4c0abd62-3683-4206-add2-9592416f2316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4213", "type": "seen", "source": "https://t.me/cibsecurity/48670", "content": "\u203c CVE-2021-4213 \u203c\n\nA flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server\u2019s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T20:23:05.000000Z"}, {"uuid": "7bf8f2bb-21df-4eea-a1fb-49c4716ae94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42134", "type": "seen", "source": "https://t.me/cibsecurity/30307", "content": "\u203c CVE-2021-42134 \u203c\n\nThe Unicorn framework before 0.36.1 for Django allows XSS via a component. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T07:23:28.000000Z"}, {"uuid": "3e304b3d-45b0-4539-981b-630d70d0465d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42135", "type": "seen", "source": "https://t.me/cibsecurity/30306", "content": "\u203c CVE-2021-42135 \u203c\n\nHashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T07:23:27.000000Z"}, {"uuid": "6e95b373-8f2f-4dac-9a19-959976ab769f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42136", "type": "seen", "source": "https://t.me/cibsecurity/40735", "content": "\u203c CVE-2021-42136 \u203c\n\nA stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of REDCap 11.2.5 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-13T20:18:17.000000Z"}]}