{"vulnerability": "CVE-2021-2293", "sightings": [{"uuid": "03470bd8-a939-44a1-ae2c-fead6b71ad1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22937", "type": "seen", "source": "MISP/06bb11a9-6fa0-4f2e-97b1-45ded48e4662", "content": "", "creation_timestamp": "2024-11-14T06:09:34.000000Z"}, {"uuid": "cc82363d-d2e9-4bf2-a087-62cb379f2ed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22930", "type": "seen", "source": "https://t.me/cKure/6412", "content": "\u25a0\u25a1\u25a1\u25a1\u25a1 CVE-2021-22930: Node.js fixes severe HTTP2 bug that could let attackers crash apps.\n\nhttps://www.bleepingcomputer.com/news/security/nodejs-fixes-severe-http-bug-that-could-let-attackers-crash-apps/", "creation_timestamp": "2021-07-30T22:37:39.000000Z"}, {"uuid": "83ba5f75-a871-4961-a91e-f32085b9d071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-22930", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "8d03f422-679f-4e9e-89ed-6413ea513f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22937", "type": "published-proof-of-concept", "source": "Telegram/OlmIWfCf04jqftw8Cq-ou5J6g6om_6u_87bzbeyzb222HA", "content": "", "creation_timestamp": "2021-08-06T13:54:25.000000Z"}, {"uuid": "96784a0b-807f-490b-9e37-387883a5d283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22930", "type": "seen", "source": "https://t.me/BleepingComputer/10239", "content": "Node.js fixes severe HTTP bug that could let attackers crash apps\n\nNode.js has released updates for a high severity vulnerability that could be exploited by attackers to crash the process and cause unexpected behaviors. The use-after-free vulnerability, tracked as\u00a0CVE-2021-22930 is to do with how HTTP2 streams are handled in the language. [...]\n\nhttps://www.bleepingcomputer.com/news/security/nodejs-fixes-severe-http-bug-that-could-let-attackers-crash-apps/", "creation_timestamp": "2021-07-30T22:56:11.000000Z"}, {"uuid": "a1f89cb4-e20f-4b21-8272-95a78bb47897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22934", "type": "seen", "source": "https://t.me/cibsecurity/27396", "content": "\u203c CVE-2021-22934 \u203c\n\nA vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T22:14:54.000000Z"}, {"uuid": "726d4b23-757a-42f6-a2ca-fce5f2aa0a5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22930", "type": "seen", "source": "https://t.me/cibsecurity/30170", "content": "\u203c CVE-2021-22930 \u203c\n\nNode.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T18:34:01.000000Z"}, {"uuid": "fc9da890-ea53-40fb-bf3e-16e8e4057936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22937", "type": "published-proof-of-concept", "source": "Telegram/PrpY9viYNwJsloEku2TiViFqt7xU58t-bPyhw4S2R6DOTw", "content": "", "creation_timestamp": "2021-08-06T17:57:30.000000Z"}, {"uuid": "53346052-053a-4400-9969-ccadc1ebd666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22937", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityIL/4542", "content": "\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d7\u05d3\u05e9\u05d4 \u05d1\u05de\u05d5\u05e6\u05e8 \u05e9\u05dc Pulse Secure \u05de\u05d0\u05e4\u05e9\u05e8 \u05d4\u05e8\u05e6\u05ea \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7 \u05e2\u05dd \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea Root. \n\n\u05d1\u05d7\u05d5\u05d3\u05e9 \u05de\u05d0\u05d9 2021 \u05d3\u05d9\u05d5\u05d5\u05d7 \u05d7\u05d5\u05e7\u05e8 \u05d0\u05d1\u05d8\"\u05de \u05db\u05d9 \u05de\u05e6\u05d0 \u05d7\u05d5\u05dc\u05e9\u05d4 \u05d1\u05de\u05d5\u05e6\u05e8 Pulse Connect Secure \u05d4\u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05d5 \u05dc\u05d4\u05e8\u05d9\u05e5 \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7 \u05e2\u05dd \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea Root.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d3\u05d5\u05d5\u05d7\u05d4 \u05dc\u05d7\u05d1\u05e8\u05ea Pulse Secure \u05d1\u05d0\u05de\u05e6\u05e2\u05d5\u05ea \u05e4\u05dc\u05d8\u05e4\u05d5\u05e8\u05de\u05ea HackerOne \u05d1\u05ea\u05d0\u05e8\u05d9\u05da 12.5.21 \u05d0\u05da \u05d1\u05de\u05e9\u05da \u05d7\u05d5\u05d3\u05e9\u05d9\u05d9\u05dd \"\u05d6\u05db\u05ea\u05d4\" \u05dc\u05d4\u05ea\u05e2\u05dc\u05de\u05d5\u05ea \u05de\u05e6\u05d3 Pulse Secure. \u05e8\u05e7 \u05d1-15.7.21 \u05d5\u05dc\u05d0\u05e8\u05d7 \u05e9\u05d1-HackerOne \u05d4\u05d5\u05d3\u05d9\u05e2\u05d5 \u05db\u05d9 \u05d1\u05d4\u05ea\u05d0\u05dd \u05dc\u05de\u05d3\u05d9\u05e0\u05d9\u05d5\u05ea \u05d4\u05d0\u05ea\u05e8 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05ea\u05e4\u05d5\u05e8\u05e1\u05dd \u05d1\u05d0\u05d5\u05e4\u05df \u05e6\u05d9\u05d1\u05d5\u05e8\u05d9 \u05d1\u05e2\u05d5\u05d3 \u05de\u05e1\u05e4\u05e8 \u05d9\u05de\u05d9\u05dd \u05d4\u05d2\u05d9\u05d1\u05d5 \u05d1-Pulse Secure \u05d5\u05d3\u05d9\u05d5\u05d5\u05d7\u05d5 \u05db\u05d9 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05ea\u05ea\u05d5\u05e7\u05df \u05d1\u05d4\u05e7\u05d3\u05dd \u05d5\u05d1\u05d9\u05e7\u05e9\u05d5 \u05dc\u05d0 \u05dc\u05e4\u05e8\u05e1\u05dd \u05d0\u05ea \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e2\u05d3 \u05dc\u05ea\u05d9\u05e7\u05d5\u05df.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d0\u05db\u05df \u05dc\u05d0 \u05e4\u05d5\u05e8\u05e1\u05de\u05d4 \u05d5\u05d4\u05e4\u05e8\u05e1\u05d5\u05dd \u05e0\u05d3\u05d7\u05d4 \u05e2\u05d3 \u05dc\u05d0\u05ea\u05de\u05d5\u05dc 5.8.21 \u05db\u05d0\u05e9\u05e8 Pulse Secure \u05e9\u05d7\u05e8\u05e8\u05d5 \u05e2\u05d3\u05db\u05d5\u05df \u05d1-2.8.21.\n\u05d4\u05d2\u05e8\u05e1\u05d4 \u05d4\u05de\u05e2\u05d5\u05d3\u05db\u05e0\u05ea \u05d4\u05d9\u05d0 9.1R12.\n\n(\u05ea\u05d5\u05d3\u05d4 \u05dc-Guy \u05e2\u05dc \u05d4\u05d4\u05e4\u05e0\u05d9\u05d9\u05d4 \u05dc\u05db\u05ea\u05d1\u05d4 \ud83d\ude4f\ud83c\udffb) \n\nhttps://t.me/CyberSecurityIL/1219\n\nhttps://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass/amp/", "creation_timestamp": "2021-08-06T14:51:28.000000Z"}, {"uuid": "fbf79b96-bb8f-46e6-81e4-dd8517783fcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22939", "type": "seen", "source": "https://t.me/cibsecurity/27400", "content": "\u203c CVE-2021-22939 \u203c\n\nIf the Node.js https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T22:14:58.000000Z"}, {"uuid": "512927af-50cd-43c9-b66c-8d98c714e3a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22936", "type": "seen", "source": "https://t.me/cibsecurity/27399", "content": "\u203c CVE-2021-22936 \u203c\n\nA vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T22:14:57.000000Z"}, {"uuid": "51057238-79a1-4512-abcc-c29ef990229e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22937", "type": "seen", "source": "https://t.me/cibsecurity/27395", "content": "\u203c CVE-2021-22937 \u203c\n\nA vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T22:14:53.000000Z"}, {"uuid": "ad1b780c-bfbe-4ced-a889-59a80ecbfb0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22933", "type": "seen", "source": "https://t.me/cibsecurity/27407", "content": "\u203c CVE-2021-22933 \u203c\n\nA vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T22:15:06.000000Z"}, {"uuid": "356eafe2-aa15-4c84-ac7e-6d2b1219bb52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22932", "type": "seen", "source": "https://t.me/cibsecurity/27402", "content": "\u203c CVE-2021-22932 \u203c\n\nAn issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected \u00e2\u20ac\u0153Enable Encryption\u00e2\u20ac\ufffd in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected \u00e2\u20ac\u0153Enable Encryption\u00e2\u20ac\ufffd immediately after running the tool are unaffected by this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T22:15:00.000000Z"}, {"uuid": "2fd4f788-d5bf-4f75-8ab7-f2428ef96376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22937", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4044", "content": "#Threat_Research\n1. Multiple Vulnerabilities in cPanel/WHM\nhttps://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm\n2. Pulse Connect Secure - RCE via Uncontrolled Archive Extraction - CVE-2021-22937 (Patch Bypass)\nhttps://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass", "creation_timestamp": "2021-08-11T12:29:23.000000Z"}, {"uuid": "20f125b8-b9a7-4fb6-ac95-562ff1962c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22937", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4203", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Aug 1-31)\nCVE-2021-1675 - Print Spooler EoP\nhttps://t.me/cybersecuritytechnologies/3723\nCVE-2021-31956 - Win NTFS EoP\nhttps://t.me/cybersecuritytechnologies/4110\nCVE-2021-36958 - Print Spooler RCE\nhttps://mobile.twitter.com/gentilkiwi/status/1416429860566847490?s=20\nCVE-2021-39137 - A consensus-vuln in go-eth\nCVE-2021-22937 - Pulse ConnSecure RCE\nhttps://t.me/cybersecuritytechnologies/4044\nCVE-2021-34473 - Pre-auth Path Confusion\nhttps://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell\nCVE-2021-21225 - Vuln in V8's Array.prototype.concat\nhttps://t.me/cybersecuritytechnologies/4090\nCVE-2021-20090 - Path traversal in Buffalo routers\nhttps://t.me/cybersecuritytechnologies/3986\nCVE-2021-26084 - Confluence Server Webwork OGNL Inj\nhttps://t.me/cybersecuritytechnologies/4202\nCVE-2021-3711 - Vulns in OpenSSL\nhttps://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm", "creation_timestamp": "2021-09-02T11:05:07.000000Z"}]}