{"vulnerability": "CVE-2021-3604", "sightings": [{"uuid": "85b249af-e796-4191-a223-03d81a7b0b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36049", "type": "seen", "source": "https://t.me/cibsecurity/28175", "content": "\u203c CVE-2021-36049 \u203c\n\nAdobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:40:54.000000Z"}, {"uuid": "9aec948e-c98e-4dd7-aa5a-ee1a6826f75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36044", "type": "seen", "source": "https://t.me/cibsecurity/28181", "content": "\u203c CVE-2021-36044 \u203c\n\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:41:07.000000Z"}, {"uuid": "23543b1c-afb0-4011-b6a4-10dbf8202ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36048", "type": "seen", "source": "https://t.me/cibsecurity/28179", "content": "\u203c CVE-2021-36048 \u203c\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:41:01.000000Z"}, {"uuid": "8389ebe6-7862-47a0-ae68-856805f121d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36042", "type": "seen", "source": "https://t.me/cibsecurity/28153", "content": "\u203c CVE-2021-36042 \u203c\n\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:34:48.000000Z"}, {"uuid": "91a07090-43a4-4078-bd35-f60c57c4c29b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3604", "type": "seen", "source": "https://t.me/cibsecurity/25554", "content": "\u203c CVE-2021-3604 \u203c\n\nSecure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-18T18:12:04.000000Z"}]}