{"vulnerability": "CVE-2021-3634", "sightings": [{"uuid": "5559069d-4d95-477c-8cb1-3da59552d146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36344", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi2464jac2i", "content": "", "creation_timestamp": "2025-01-11T15:39:32.848611Z"}, {"uuid": "599426ce-f7e3-4ba4-b74e-913b91297f7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36346", "type": "seen", "source": "https://t.me/cibsecurity/36282", "content": "\u203c CVE-2021-36346 \u203c\n\nDell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T02:19:04.000000Z"}, {"uuid": "1afda4df-52d3-4efc-ae35-9deda565b9a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36342", "type": "seen", "source": "https://t.me/cibsecurity/36164", "content": "\u203c CVE-2021-36342 \u203c\n\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-24T22:17:56.000000Z"}, {"uuid": "83c29840-6470-40e4-b7d2-6856a3420a54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36347", "type": "seen", "source": "https://t.me/cibsecurity/36277", "content": "\u203c CVE-2021-36347 \u203c\n\niDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T02:18:58.000000Z"}, {"uuid": "dd7f1ac1-0891-4e63-a054-0b9801e93c4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36348", "type": "seen", "source": "https://t.me/cibsecurity/36279", "content": "\u203c CVE-2021-36348 \u203c\n\niDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T02:19:00.000000Z"}, {"uuid": "df5d4135-6319-4d69-a63f-58ff9cb4f436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36343", "type": "seen", "source": "https://t.me/cibsecurity/36149", "content": "\u203c CVE-2021-36343 \u203c\n\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-24T22:17:38.000000Z"}, {"uuid": "aa9ad88d-b0d8-4ca5-9fd3-c68f6a6e7de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36349", "type": "seen", "source": "https://t.me/cibsecurity/36155", "content": "\u203c CVE-2021-36349 \u203c\n\nDell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-24T22:17:47.000000Z"}, {"uuid": "15cc0760-083a-437f-8921-1e617032094f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3634", "type": "seen", "source": "https://t.me/cibsecurity/28113", "content": "\u203c CVE-2021-3634 \u203c\n\nA flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating \"secret_hash\" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T20:33:50.000000Z"}, {"uuid": "92621aec-bacc-4100-af8b-e6f3b7005b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36341", "type": "seen", "source": "https://t.me/cibsecurity/34456", "content": "\u203c CVE-2021-36341 \u203c\n\nDell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-21T20:12:26.000000Z"}, {"uuid": "7690cc95-586c-4b2a-ad91-56c19cc93188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36340", "type": "seen", "source": "https://t.me/cibsecurity/32761", "content": "\u203c CVE-2021-36340 \u203c\n\nDell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-20T07:17:30.000000Z"}]}