{"vulnerability": "CVE-2021-3830", "sightings": [{"uuid": "56ab7f9f-f939-4066-ad0f-9e42c9ef2254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38306", "type": "seen", "source": "https://t.me/cibsecurity/27769", "content": "\u203c CVE-2021-38306 \u203c\n\nNetwork Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T16:23:30.000000Z"}, {"uuid": "a140506b-9044-41d2-99a6-d8bff44e98de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38304", "type": "seen", "source": "https://t.me/cibsecurity/29060", "content": "\u203c CVE-2021-38304 \u203c\n\nImproper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-17T20:23:43.000000Z"}, {"uuid": "2125fe18-01bf-42e3-854a-bab43739fe2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38303", "type": "seen", "source": "https://t.me/cibsecurity/29596", "content": "\u203c CVE-2021-38303 \u203c\n\nA SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-28T22:36:09.000000Z"}, {"uuid": "12ba0a47-d553-479b-ba4f-bd136a7b4770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38305", "type": "seen", "source": "https://t.me/cibsecurity/27027", "content": "\u203c CVE-2021-38305 \u203c\n\n23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-10T00:36:31.000000Z"}, {"uuid": "acd332a2-9235-4f37-ac5d-cdc8eadfb698", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3830", "type": "seen", "source": "https://t.me/cibsecurity/29426", "content": "\u203c CVE-2021-3830 \u203c\n\nbtcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-26T12:32:56.000000Z"}, {"uuid": "3396a954-a00f-4e61-b917-cd4bfc91e9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38302", "type": "seen", "source": "https://t.me/cibsecurity/27325", "content": "\u203c CVE-2021-38302 \u203c\n\nThe Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T20:41:22.000000Z"}, {"uuid": "65ce1658-2c48-4aa1-9abd-5b12f5d3eb6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38305", "type": "seen", "source": "https://t.me/thehackernews/1571", "content": "A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema and validator for YAML used by at least 224 repositories on GitHub.\n\nRead: https://thehackernews.com/2021/10/code-execution-bug-affects-yamale.html", "creation_timestamp": "2021-10-07T13:52:10.000000Z"}]}