{"vulnerability": "CVE-2021-4199", "sightings": [{"uuid": "d753902d-8b74-4478-ab84-adf6a5e0404b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41991", "type": "seen", "source": "https://t.me/cibsecurity/30704", "content": "\u203c CVE-2021-41991 \u203c\n\nThe in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T18:32:07.000000Z"}, {"uuid": "b3a6332a-9089-4067-afda-9d47681a5c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4199", "type": "seen", "source": "https://t.me/cibsecurity/38500", "content": "\u203c CVE-2021-4199 \u203c\n\nIncorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-07T14:34:37.000000Z"}, {"uuid": "6366786d-70d3-4a63-a117-18d186db1733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41991", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-03", "content": "", "creation_timestamp": "2025-09-16T10:00:00.000000Z"}, {"uuid": "03ffe9c7-6a3f-4524-a85f-f55e64daa3e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41990", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-03", "content": "", "creation_timestamp": "2025-09-16T10:00:00.000000Z"}, {"uuid": "4deb05cb-589b-4ff9-98ee-42c68e151d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41993", "type": "seen", "source": "https://t.me/cibsecurity/41695", "content": "\u203c CVE-2021-41993 \u203c\n\nA misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-01T02:26:24.000000Z"}, {"uuid": "5300daab-a852-4d1c-a400-748e213d4383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41994", "type": "seen", "source": "https://t.me/cibsecurity/41694", "content": "\u203c CVE-2021-41994 \u203c\n\nA misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-01T02:26:23.000000Z"}, {"uuid": "f50f9eda-856f-4d81-a84d-3b9be49e637f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41992", "type": "seen", "source": "https://t.me/cibsecurity/41693", "content": "\u203c CVE-2021-41992 \u203c\n\nA misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-01T02:26:22.000000Z"}, {"uuid": "ba252f36-53d5-444a-83f9-b238c4d6b29d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41990", "type": "seen", "source": "https://t.me/cibsecurity/30699", "content": "\u203c CVE-2021-41990 \u203c\n\nThe gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T18:31:59.000000Z"}]}