{"vulnerability": "cve-2021-4381", "sightings": [{"uuid": "ed3e0bbd-4e64-4e82-9a2d-ce88e675d0ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43819", "type": "seen", "source": "Telegram/Nxg-iMmR6NwOmz0zrqH9iHw_1smOaKt_YMne1n30b2C2uI5H", "content": "", "creation_timestamp": "2025-02-06T02:43:29.000000Z"}, {"uuid": "3c121128-6b36-4974-9f98-aedfeaef03f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43819", "type": "seen", "source": "https://t.me/cibsecurity/62481", "content": "\u203c CVE-2021-43819 \u203c\n\nStargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T22:30:25.000000Z"}, {"uuid": "f65ff7d4-fd5b-47ba-9f1d-55ba0be66148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43811", "type": "seen", "source": "https://t.me/cibsecurity/33667", "content": "\u203c CVE-2021-43811 \u203c\n\nSockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-09T02:23:05.000000Z"}, {"uuid": "7b3dcafe-2309-481d-81cf-ad54235ebf89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43810", "type": "seen", "source": "https://t.me/cibsecurity/33541", "content": "\u203c CVE-2021-43810 \u203c\n\nAdmidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T00:23:23.000000Z"}, {"uuid": "e9da3b38-cbb8-4c61-9568-1998f0f17bba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43816", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12948", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43816\n\ud83d\udd25 CVSS Score: 8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.\n\ud83d\udccf Published: 2022-01-05T18:55:10.000Z\n\ud83d\udccf Modified: 2025-04-22T18:34:15.666Z\n\ud83d\udd17 References:\n1. https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c\n2. https://github.com/containerd/containerd/issues/6194\n3. https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea\n4. https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299\n5. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/\n6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/", "creation_timestamp": "2025-04-22T19:03:44.000000Z"}, {"uuid": "39d0afca-c449-49fa-986d-75406586f3fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43816", "type": "seen", "source": "https://t.me/cibsecurity/35007", "content": "\u203c CVE-2021-43816 \u203c\n\ncontainerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-05T22:40:23.000000Z"}, {"uuid": "933a5bfa-c24a-4591-a560-b0a56b613d1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43812", "type": "seen", "source": "https://t.me/cibsecurity/34171", "content": "\u203c CVE-2021-43812 \u203c\n\nThe Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:36:15.000000Z"}, {"uuid": "3afd9c72-6e2f-4b9b-85ef-62ca749b1492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43818", "type": "seen", "source": "https://t.me/cibsecurity/33871", "content": "\u203c CVE-2021-43818 \u203c\n\nlxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T20:11:14.000000Z"}, {"uuid": "1683fb3b-8eb7-4560-9383-91b11d6f91a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43814", "type": "seen", "source": "https://t.me/cibsecurity/33876", "content": "\u203c CVE-2021-43814 \u203c\n\nRizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T22:12:12.000000Z"}, {"uuid": "0bc8e6d6-bde1-471d-997e-e2dba555ede4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43817", "type": "seen", "source": "https://t.me/cibsecurity/33881", "content": "\u203c CVE-2021-43817 \u203c\n\nCollabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T22:12:19.000000Z"}, {"uuid": "87c140dd-b154-408b-bd26-1d45fc454b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43813", "type": "seen", "source": "https://t.me/cibsecurity/33752", "content": "\u203c CVE-2021-43813 \u203c\n\nGrafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-10T20:25:18.000000Z"}, {"uuid": "db9a1bd3-fc1a-47b1-a53c-e624bec11f59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43811", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6646", "content": "#exploit\n1. CVE-2021-43811:\nawslabs/sockeye Code injection via unsafe YAML loading\nhttps://github.com/s-index/CVE-2021-43811\n\n2. Exploiting WebKit JSPropertyNameEnumerator Out-of-Bounds Read (CVE-2021-1789)\nhttps://starlabs.sg/blog/2022/08-exploiting-webkit-jspropertynameenumerator-out-of-bounds-read-cve-2021-1789", "creation_timestamp": "2022-08-22T15:44:19.000000Z"}, {"uuid": "012237ed-929b-477f-b022-5e5e869695b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43818", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "890d88a2-19a0-4942-82ea-15bb26a85ec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43811", "type": "published-proof-of-concept", "source": "Telegram/P942jOdyqR7oFT29HyIsqSCa5ypLmatmlqAq5qduNAKCsA", "content": "", "creation_timestamp": "2022-08-22T13:51:08.000000Z"}, {"uuid": "e83e8491-5620-4a63-97a3-539c269c9233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43811", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1059", "content": "Updates On Hackbyte Forum:-\n\n1. Defcon 27 Files\n2. pfizer files Leaks 2022\n3. CVE-2021-43811 exploit\n4. Sandman - a backdoor that meant to work on hardened networks during red team engagements\n5. GTPv1/GTPv2 Dialer\n6. capa - detects capabilities in executable files\n7. CVE-2022-1802 Exploit\n8. Pitraix - Modern Cross-Platform HTTP-Based P2P Botnet over TOR that cannot be traced\n9. crAPI - completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks\n10. aerodar.ru Leak\n11. manyavar.com Leak\n12. ExportDumper - A small tool I made to dump the export table of PE files\n13. Redline FreeLogs\n14. City Hall of La Haba Spain Leak\n15. OAO Rybinskgazservis Gas distribution Rusia Leak\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffbAll Updates On :- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-08-22T14:03:16.000000Z"}]}