{"vulnerability": "CVE-2021-3818", "sightings": [{"uuid": "31e28f9b-03b5-44dd-8fe6-3d9a0c921e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38183", "type": "seen", "source": "https://t.me/cibsecurity/30418", "content": "\u203c CVE-2021-38183 \u203c\n\nSAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:44.000000Z"}, {"uuid": "7075cf85-8255-4055-bb47-051064820f5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38180", "type": "seen", "source": "https://t.me/cibsecurity/30416", "content": "\u203c CVE-2021-38180 \u203c\n\nSAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. 
An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:42.000000Z"}, {"uuid": "328827d5-b69a-401c-8eeb-4464027edce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3818", "type": "seen", "source": "https://t.me/cibsecurity/29463", "content": "\u203c CVE-2021-3818 \u203c\n\ngrav is vulnerable to Reliance on Cookies without Validation and Integrity Checking\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-27T16:35:04.000000Z"}, {"uuid": "86726e1d-e3f0-476d-9eb1-25ca206f15dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38185", "type": "seen", "source": "https://t.me/cibsecurity/26969", "content": "\u203c CVE-2021-38185 \u203c\n\nGNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-08T07:35:12.000000Z"}, {"uuid": "359239db-64ae-421d-b01e-8b6f940d5ded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38186", "type": "seen", "source": "https://t.me/cibsecurity/26977", "content": "\u203c CVE-2021-38186 \u203c\n\nAn issue was discovered in the comrak crate before 0.10.1 for Rust. 
It mishandles & characters, leading to XSS via &# HTML entities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-08T12:35:37.000000Z"}, {"uuid": "408b1d8d-8aeb-41c9-b5fb-5891ae21a37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38188", "type": "seen", "source": "https://t.me/cibsecurity/26973", "content": "\u203c CVE-2021-38188 \u203c\n\nAn issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-08T12:35:30.000000Z"}]}