{"vulnerability": "CVE-2021-3615", "sightings": [{"uuid": "d1a37c3e-d12e-4bb9-8a19-a285e547148a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36156", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mjks3vg5ui25", "content": "", "creation_timestamp": "2026-04-15T21:01:07.653268Z"}, {"uuid": "cddb90ef-1f71-46e1-b750-2eba5c06ebfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36150", "type": "seen", "source": "https://t.me/cibsecurity/30167", "content": "\u203c CVE-2021-36150 \u203c\n\nSilverStripe Framework through 4.8.1 allows XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T18:33:58.000000Z"}, {"uuid": "b8e89ca7-739a-42fe-8617-2e5edd6f1bdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36156", "type": "seen", "source": "https://t.me/cibsecurity/26740", "content": "\u203c CVE-2021-36156 \u203c\n\nAn issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T18:27:51.000000Z"}, {"uuid": "ca6cb04b-1adf-4a17-a531-97919e868626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36157", "type": "seen", "source": "https://t.me/cibsecurity/26739", "content": "\u203c CVE-2021-36157 \u203c\n\nAn issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T18:27:50.000000Z"}, {"uuid": "8ee86c92-f894-4cfa-92ff-7058d567a97e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36159", "type": "seen", "source": "https://t.me/cibsecurity/26745", "content": "\u203c CVE-2021-36159 \u203c\n\nlibfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T18:27:58.000000Z"}, {"uuid": "89574f67-51f5-422f-a9b2-125df3412c7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36158", "type": "seen", "source": "https://t.me/cibsecurity/25919", "content": "\u203c CVE-2021-36158 \u203c\n\nIn the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-06T02:36:10.000000Z"}, {"uuid": "d6157a69-b752-49d5-9572-1a29f27eb0b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3615", "type": "seen", "source": "https://t.me/cibsecurity/27436", "content": "\u203c CVE-2021-3615 \u203c\n\nA vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-17T20:15:55.000000Z"}]}