{"vulnerability": "CVE-2021-3844", "sightings": [{"uuid": "b7b0de9a-94da-48ba-9007-e349443f2930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38445", "type": "seen", "source": "https://t.me/cibsecurity/42005", "content": "\u203c CVE-2021-38445 \u203c\n\nOCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T20:36:38.000000Z"}, {"uuid": "c559381d-4b77-4b65-962c-ef7b9e43b9ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3844", "type": "seen", "source": "https://t.me/cibsecurity/60651", "content": "\u203c CVE-2021-3844 \u203c\n\nRapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T19:42:29.000000Z"}, {"uuid": "c7d8ffab-1dc6-4d6d-866f-b4005939fba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38448", "type": "seen", "source": "https://t.me/cibsecurity/32817", "content": "\u203c CVE-2021-38448 \u203c\n\nThe affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-22T22:20:01.000000Z"}, {"uuid": "bfea12ac-a5bd-477c-8304-37c9eaf17eed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38442", "type": "seen", "source": "https://t.me/cibsecurity/30686", "content": "\u203c CVE-2021-38442 \u203c\n\nFATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T16:32:04.000000Z"}, {"uuid": "6128ce13-526c-4947-8f09-98d4fa335951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38440", "type": "seen", "source": "https://t.me/cibsecurity/30681", "content": "\u203c CVE-2021-38440 \u203c\n\nFATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T16:31:56.000000Z"}]}