{"vulnerability": "CVE-2021-3637", "sightings": [{"uuid": "97844282-1fbb-4c92-9a8e-5e8880dcedeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36372", "type": "seen", "source": "https://t.me/cibsecurity/32678", "content": "\u203c CVE-2021-36372 \u203c\n\nIn Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T12:16:36.000000Z"}, {"uuid": "cece49c8-356a-4794-9fc0-fbe2b3604336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36370", "type": "seen", "source": "https://t.me/cibsecurity/28029", "content": "\u203c CVE-2021-36370 \u203c\n\nAn issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. 
As a result, a user connects to the server without the ability to verify its authenticity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T22:32:45.000000Z"}, {"uuid": "957082af-62bc-4308-9fa9-aaa641540a42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36371", "type": "seen", "source": "https://t.me/cibsecurity/26047", "content": "\u203c CVE-2021-36371 \u203c\n\nEmissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-10T00:15:12.000000Z"}, {"uuid": "171a7009-8002-46b7-9bd1-3202a76325ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36373", "type": "seen", "source": "https://t.me/cibsecurity/26135", "content": "\u203c CVE-2021-36373 \u203c\n\nWhen reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. 
Apache Ant prior to 1.9.16 and 1.10.11 were affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-14T12:20:11.000000Z"}, {"uuid": "ec15ebda-c250-4f8b-a4e8-55dfc459fe2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36370", "type": "seen", "source": "https://t.me/sysodmins/12700", "content": "Release of the file manager Midnight Commander 4.8.27\n\nAfter eight months of development, the console file manager Midnight Commander 4.8.27 has been released; it is distributed in source form under the GPLv3+ license. Changelog:\n\n\u2014 Build time after a version change has been significantly reduced.\n\u2014 The widget system has been reworked; a WST_VISIBLE state has been implemented for showing and hiding widgets.\n\u2014 Support for unrar 6 and official 7z builds has been added to the extfs VFS module.\n\u2014 A \"Follow symlinks\" option has been added to the \"Find File\" dialog.\n\u2014 The built-in editor now has syntax highlighting for Verilog and SystemVerilog header files, openrc-run scripts and the JSON format. The syntax highlighting scripts for Python have been updated.\n\u2014 In the panels, c++ and h++ files are highlighted as source code, and JSON files as documents.\n\u2014 Support for the alacritty and foot terminal emulators has been added.\n\u2014 Support for the fb2 e-book format has been added to mc.ext.\n\u2014 The vulnerability CVE-2021-36370 in the VFS module with SFTP support, related to the missing verification of host key fingerprints, has been fixed.", "creation_timestamp": "2021-08-17T01:10:02.000000Z"}]}