{"vulnerability": "CVE-2021-3629", "sightings": [{"uuid": "8b022c0b-c723-4058-9118-21d72ec6c38d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3629", "type": "seen", "source": "https://t.me/arpsyndicate/3196", "content": "#ExploitObserverAlert\n\nCVE-2021-3629\n\nDESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-3629. A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.\n\nFIRST-EPSS: 0.000910000\nNVD-IS: 3.6\nNVD-ES: 2.2", "creation_timestamp": "2024-01-28T04:05:27.000000Z"}, {"uuid": "d36f23be-263b-4ca0-9e20-a49606c78e29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3629", "type": "seen", "source": "https://t.me/cibsecurity/43296", "content": "\u203c CVE-2021-3629 \u203c\n\nA flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-24T22:37:16.000000Z"}, {"uuid": "4d564bb1-3e51-4ff8-aee7-031972c824ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36298", "type": "seen", "source": "https://t.me/cibsecurity/29849", "content": "\u203c CVE-2021-36298 \u203c\n\nDell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-02T00:29:59.000000Z"}, {"uuid": "dd4f01f5-61cc-4ef1-9eb7-f06ec223a86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36290", "type": "seen", "source": "https://t.me/cibsecurity/40420", "content": "\u203c CVE-2021-36290 \u203c\n\nDell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:35.000000Z"}, {"uuid": "9c69a0b9-d6b8-47f2-a4d1-836d724b3fc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36293", "type": "seen", "source": "https://t.me/cibsecurity/40423", "content": "\u203c CVE-2021-36293 \u203c\n\nDell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:37.000000Z"}, {"uuid": "247ba5e5-fa03-4f76-9263-3b5719edf805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36295", "type": "seen", "source": "https://t.me/cibsecurity/36278", "content": "\u203c CVE-2021-36295 \u203c\n\nDell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T02:18:58.000000Z"}, {"uuid": "6aa89c8e-8e22-4b38-b1cd-555fe58e403c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36294", "type": "seen", "source": "https://t.me/cibsecurity/36276", "content": "\u203c CVE-2021-36294 \u203c\n\nDell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T02:18:57.000000Z"}, {"uuid": "77f4a203-cc7b-43a3-9182-cb735dcf2bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36296", "type": "seen", "source": "https://t.me/cibsecurity/36280", "content": "\u203c CVE-2021-36296 \u203c\n\nDell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T02:19:02.000000Z"}, {"uuid": "6f869392-c809-429b-a908-1d694d0faf39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36297", "type": "seen", "source": "https://t.me/cibsecurity/29604", "content": "\u203c CVE-2021-36297 \u203c\n\nSupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T00:36:12.000000Z"}]}