{"vulnerability": "CVE-2021-3609", "sightings": [{"uuid": "38d22ce8-a4ae-4a6d-924c-866877b02644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36090", "type": "seen", "source": "https://t.me/ctinow/181855", "content": "https://ift.tt/cS3d8Dx\nCVE-2021-36090 | Oracle JDeveloper 12.2.1.4.0 denial of service", "creation_timestamp": "2024-02-09T08:21:43.000000Z"}, {"uuid": "e1738230-9454-498b-b1c4-669fbb10eb5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3609", "type": "seen", "source": "https://t.me/cibsecurity/38381", "content": "\u203c CVE-2021-3609 \u203c\n\n.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-03T22:26:23.000000Z"}, {"uuid": "44d37ad1-ebfc-4b84-ac1d-ccae17fa2aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36097", "type": "seen", "source": "https://t.me/cibsecurity/30669", "content": "\u203c CVE-2021-36097 \u203c\n\nAgents are able to lock the ticket without the \"Owner\" permission. Once the ticket is locked, it could be moved to the queue where the agent has \"rw\" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T12:36:39.000000Z"}, {"uuid": "f1bd77de-8937-4823-8d2c-738b6a9ec48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36091", "type": "seen", "source": "https://t.me/cibsecurity/26472", "content": "\u203c CVE-2021-36091 \u203c\n\nAgents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T12:41:10.000000Z"}, {"uuid": "53395665-78b0-479e-92ec-10fa21019f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36095", "type": "seen", "source": "https://t.me/cibsecurity/28304", "content": "\u203c CVE-2021-36095 \u203c\n\nMalicious attacker is able to find out valid user logins by using the \"lost password\" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-06T18:40:42.000000Z"}, {"uuid": "fcd44876-52bb-4841-9669-e4dd1ae7e0db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36093", "type": "seen", "source": "https://t.me/cibsecurity/28303", "content": "\u203c CVE-2021-36093 \u203c\n\nIt's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-06T18:40:41.000000Z"}, {"uuid": "56d41dda-4656-43d2-ac50-537d92654683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36096", "type": "seen", "source": "https://t.me/cibsecurity/28302", "content": "\u203c CVE-2021-36096 \u203c\n\nGenerated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-06T18:40:40.000000Z"}, {"uuid": "080b19a0-7d7e-4ae6-94a4-d453950d8f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36094", "type": "seen", "source": "https://t.me/cibsecurity/28301", "content": "\u203c CVE-2021-36094 \u203c\n\nIt's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-06T18:40:39.000000Z"}, {"uuid": "c0efa1bd-669b-4186-94bb-c3c73a104575", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36092", "type": "seen", "source": "https://t.me/cibsecurity/26467", "content": "\u203c CVE-2021-36092 \u203c\n\nIt's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T12:41:02.000000Z"}, {"uuid": "fffa1a58-4273-4361-8d60-f1c8f35fd047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3609", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3651", "content": "#exploit\nCVE-2021-3609:\nLinux CAN BCM LPE\nhttps://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md", "creation_timestamp": "2024-02-15T13:44:11.000000Z"}]}