{"vulnerability": "CVE-2021-2407", "sightings": [{"uuid": "8585b00f-5a52-45c7-a5c5-05b609cd74fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "MISP/ac722bed-c40f-4c26-9ef3-93547bdaa3b4", "content": "", "creation_timestamp": "2024-11-14T06:10:08.000000Z"}, {"uuid": "251bb963-7ae6-45db-9cc2-c832249cd56c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "https://msrc.microsoft.com/blog/2021/02/multiple-security-updates-affecting-tcp-ip/", "content": "", "creation_timestamp": "2021-02-09T07:00:00.000000Z"}, {"uuid": "5aa68eca-93ab-4e76-8228-346a504225cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=550", "content": "", "creation_timestamp": "2021-02-10T04:00:00.000000Z"}, {"uuid": "a6efddf3-edd7-47d3-af29-ae9aa8004b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24075", "type": "seen", "source": "https://t.me/cibsecurity/24186", "content": "\u203c CVE-2021-24075 \u203c\n\nWindows Network File System Denial of Service Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-26T02:44:25.000000Z"}, {"uuid": "ab335c80-3e5b-4723-9698-13e71e0fea47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/27", "content": "Windows non-interactive remote BSOD via NULL dereference in tcpip!Ipv6pReassembleDatagram (CVE-2021-24086), from patch diffing and reversing tcpip.sys to PoC, by @doar_e.\n\nContents:\n\u2022 Introduction\n\u2022 TL;DR\n\u2022 Recon\n\u2022 Diffing Microsoft patches in 2021\n\u2022 Reverse-engineering tcpip.sys\n\u2022 Baby steps\n\u2022 High level overview\n\u2022 Zooming out\n\u2022 NET_BUFFER & NET_BUFFER_LIST\n\u2022 The mechanics of parsing an IPv6 packet\n\u2022 The mechanics of IPv6 fragmentation\n\u2022 Theory vs practice: Ipv6pReceiveFragment\n\u2022 Hiding in plain sight\n\u2022 Manufacturing a packet of the death: chasing phantoms\n\u2022 Manufacturing a packet of the death: leap of faith\n\u2022 Conclusion\n\u2022 Bonus: CVE-2021-24074\n\nhttps://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/", "creation_timestamp": "2021-04-16T09:26:06.000000Z"}, {"uuid": "224130cf-60c7-4664-ae99-b9edb6ff4057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/437", "content": "CVE-2021-24074 Windows TCP/IP Remote Code Execution Vulnerability\n\n#RCE #CVE-2021-24074 #vulnerability #CodeExecution #InfoSec #CyberSecurity\n\nhttps://reconshell.com/cve-2021-24074-windows-tcp-ip-remote-code-execution-vulnerability/", "creation_timestamp": "2021-02-11T16:46:36.000000Z"}, {"uuid": "e5f26d89-0b9e-441c-9d45-a5bfa1348ce4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24072", "type": "seen", "source": "https://t.me/cibsecurity/24171", "content": "\u203c CVE-2021-24072 \u203c\n\nMicrosoft SharePoint Server Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-26T02:38:33.000000Z"}, {"uuid": "420006c8-1339-4bf2-a760-91d55ec832c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2407", "type": "seen", "source": "https://t.me/cibsecurity/26341", "content": "\u203c CVE-2021-2407 \u203c\n\nVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-21T18:48:29.000000Z"}, {"uuid": "c092dea1-f523-426f-b343-9a68101c52ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24077", "type": "seen", "source": "https://t.me/cibsecurity/24176", "content": "\u203c CVE-2021-1722 \u203c\n\nWindows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-26T02:44:16.000000Z"}, {"uuid": "e7fe2819-e6db-4ad9-a3b6-5c78cf8982a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3104", "content": "#Analytics\n10 most exploited vulnerabilities of the week (April 5-11)\nCVE-2021-26855 - ProxyLogon MS Exchange Srv RCE\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2020-13379 - Unauth Full-Read SSRF in Grafana\nhttps://t.me/cybersecuritytechnologies/1515\nCVE-2021-24086 - Win IPv4/6 Stack RCE/DoS Vulns\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-26411 - IE mshtml UAF\nhttps://t.me/cybersecuritytechnologies/2908\nCVE-2021-3129 - Laravel debug RCE\nhttps://t.me/cybersecuritytechnologies/2557\nCVE-2021-26708 - LPE in the Linux kernel <5.10.x\nhttps://github.com/jordan9001/vsock_poc\nCVE-2020-16040 - V8 JIT Compiler Bug\nhttps://t.me/cybersecuritytechnologies/2450\nCVE-2021-21982 - SSRF in VMWare\nhttps://t.me/cybersecuritytechnologies/3039\nCVE-2021-21402 - UAF read in Jellyfin\nhttps://t.me/cybersecuritytechnologies/3064\nCVE-2021-29154 - BPF JIT bug\nhttps://www.openwall.com/lists/oss-security/2021/04/08/1", "creation_timestamp": "2021-04-12T11:01:12.000000Z"}, {"uuid": "4c498f45-e647-494b-8fbf-66ea04b26aae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24078", "type": "seen", "source": "https://t.me/cibsecurity/24163", "content": "\u203c CVE-2021-24078 \u203c\n\nWindows DNS Server Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-26T02:38:22.000000Z"}, {"uuid": "1964ac52-c493-48d9-9937-856a89718c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2815", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (feb 1-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-25646 - Apache Druid <=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2021-24074, CVE-2021-24094, CVE-2021-24086 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday", "creation_timestamp": "2021-03-03T05:37:03.000000Z"}, {"uuid": "ee0328a2-d22b-45f9-8cfb-1f96ca0bb7b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24079", "type": "seen", "source": "https://t.me/cibsecurity/24158", "content": "\u203c CVE-2021-24079 \u203c\n\nWindows Backup Engine Information Disclosure Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-26T02:38:16.000000Z"}, {"uuid": "e470d143-445b-4468-ac8f-af248bcbd9c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24077", "type": "seen", "source": "https://t.me/cibsecurity/24157", "content": "\u203c CVE-2021-24077 \u203c\n\nWindows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-26T02:38:15.000000Z"}, {"uuid": "de52d93b-e654-4d08-b4cc-a7631a70cd19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3279", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (April 1-30)\n\nCVE-2020-13379 - Unauth Full-Read SSRF in Grafana\nhttps://t.me/cybersecuritytechnologies/1515\nCVE-2021-24086 - Win IPv4/6 Stack RCE/DoS Vulns\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-22893 Pulse SecureVPN RCE\nhttps://t.me/cybersecuritytechnologies/3185\nCVE-2021-28310 - Win32k EoP Vulnerability\nhttps://t.me/cybersecuritytechnologies/3124\nCVE-2021-26411 - IE mshtml UAF\nhttps://t.me/cybersecuritytechnologies/2908\nCVE-2021-22204 - DjVu improper neutralization of user data\nhttps://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800\nCVE-2021-24027 - Remote exploitation of a man-in-the-disk vulnerability in WhatsApp\nhttps://t.me/cybersecuritytechnologies/3126\nCVE-2021-28316 - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability\nhttps://t.me/cybersecuritytechnologies/3156\nCVE-2021-28480/28482 - MS Exchange Server RCE\nhttps://www.tenable.com/blog/cve-2021-28480-cve-2021-28481-cve-2021-28482-cve-2021-28483-four-critical-microsoft-exchange", "creation_timestamp": "2024-04-30T17:11:44.000000Z"}, {"uuid": "247b30c7-cfd0-4c0f-8ec0-22becf929c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2708", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 8-14)\nCVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT in targeted attack\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2020-2037 - Palo Alto PAN-OS vulnerability\nhttps://t.me/cybersecuritytechnologies/2687\nCVE-2021-24074, CVE-2021-24086, CVE-2021-24094 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE vulnerability\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-21017 - Acrobat Reader DC\u00a0a heap-based buffer overflow vulnerability\nhttps://threatpost.com/critical-adobe-windows-flaw/163789\nCVE-2020-24581 - D-Link DSL-2888A AU_2.31_V1x - RCE\nhttps://t.me/cybersecuritytechnologies/2670", "creation_timestamp": "2021-02-15T11:00:19.000000Z"}, {"uuid": "71aa6990-c92f-4a36-8388-5e17910c5fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24074", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3159", "content": "#Analytics\n10 most exploited vulnerabilities of the week (April 12-18)\nCVE-2020-13379 - Unauth Full-Read SSRF in Grafana\nhttps://t.me/cybersecuritytechnologies/1515\nCVE-2021-24086 - Win IPv4/6 Stack RCE/DoS Vulns\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-1647 - MS Defender RCE Vulnerability\nhttps://www.anquanke.com/post/id/231625\nCVE-2021-28310 - Win32k Elevation of Privilege Vulnerability\nhttps://t.me/cybersecuritytechnologies/3124\nCVE-2021-24027 - Remote exploitation of a man-in-the-disk vulnerability in WhatsApp\nhttps://t.me/cybersecuritytechnologies/3126\nCVE-2021-28480/28481/28482/28483 - MS Exchange Server RCE Vulnerability\nhttps://www.tenable.com/blog/cve-2021-28480-cve-2021-28481-cve-2021-28482-cve-2021-28483-four-critical-microsoft-exchange\nCVE-2021-28316 - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability\nhttps://t.me/cybersecuritytechnologies/3156", "creation_timestamp": "2021-04-19T11:01:18.000000Z"}]}