{"vulnerability": "CVE-2021-3443", "sightings": [{"uuid": "61ff9b39-b518-4400-beba-e65354254ee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34434", "type": "seen", "source": "https://t.me/cibsecurity/28047", "content": "\u203c CVE-2021-34434 \u203c\n\nIn Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T00:32:38.000000Z"}, {"uuid": "47548837-5f52-45ee-b0f9-0775bfd67378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34436", "type": "seen", "source": "https://t.me/cibsecurity/28247", "content": "\u203c CVE-2021-34436 \u203c\n\nIn Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-03T00:36:20.000000Z"}, {"uuid": "393da703-9adc-4956-9597-a988af1f6f40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34430", "type": "seen", "source": "https://t.me/cibsecurity/25994", "content": "\u203c CVE-2021-34430 \u203c\n\nEclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-08T07:38:23.000000Z"}, {"uuid": "d9feee2d-b2fa-4517-b3f6-a4a677db3600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34433", "type": "seen", "source": "https://t.me/cibsecurity/27649", "content": "\u203c CVE-2021-34433 \u203c\n\nIn Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-20T20:19:26.000000Z"}, {"uuid": "c1634bac-acd9-4059-b28c-5374afdd9130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34432", "type": "seen", "source": "https://t.me/cibsecurity/26544", "content": "\u203c CVE-2021-34432 \u203c\n\nIn Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-27T20:12:32.000000Z"}, {"uuid": "dd25e6f3-dc91-422c-93f8-42a6efc76c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34431", "type": "seen", "source": "https://t.me/cibsecurity/26387", "content": "\u203c CVE-2021-34431 \u203c\n\nIn Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-22T18:36:26.000000Z"}]}