{"vulnerability": "cve-2021-4276", "sightings": [{"uuid": "02e2c887-3a00-4b5b-ac0b-4d9fb75692a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42763", "type": "seen", "source": "https://t.me/cibsecurity/31594", "content": "\u203c CVE-2021-42763 \u203c\n\nCouchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the \"@\" user credentials of the node processing the UI request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T15:22:39.000000Z"}, {"uuid": "658768cb-d580-4992-b6e2-d63f879aef85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42764", "type": "seen", "source": "https://t.me/cibsecurity/30927", "content": "\u203c CVE-2021-42764 \u203c\n\nThe Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-21T00:35:45.000000Z"}, {"uuid": "10de11e4-df49-4f36-8884-2b9b4a4e7c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42766", "type": "seen", "source": "https://t.me/cibsecurity/30926", "content": "\u203c CVE-2021-42766 \u203c\n\nThe Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an increase in the profits of individual validators.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-21T00:35:44.000000Z"}, {"uuid": "2699e940-b2c5-41e8-9929-4829e495b025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42765", "type": "seen", "source": "https://t.me/cibsecurity/30925", "content": "\u203c CVE-2021-42765 \u203c\n\nThe Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-21T00:35:43.000000Z"}, {"uuid": "bb78f55a-6054-4afe-8208-1bd7f29a6324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42761", "type": "seen", "source": "https://t.me/cibsecurity/58381", "content": "\u203c CVE-2021-42761 \u203c\n\nA condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:26:57.000000Z"}, {"uuid": "b9e0eb3d-4855-4503-aa1b-7ebdca638140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42767", "type": "seen", "source": "https://t.me/cibsecurity/38248", "content": "\u203c CVE-2021-42767 \u203c\n\nA directory traversal vulnerability in the Apoc plugins in Neo4J Graph database 4.0.0 through 4.3.6 allows attackers to read local files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T07:23:50.000000Z"}]}