{"vulnerability": "CVE-2021-4202", "sightings": [{"uuid": "8b62a69f-269b-4c4e-9b1d-d16058862091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42028", "type": "seen", "source": "https://t.me/cibsecurity/74403", "content": "\u203c\ufe0fCVE-2021-42028\u203c\ufe0f\n\nA vulnerability has been identified in syngo fastView All versions. The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. ZDICAN14860\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-05T01:33:00.000000Z"}, {"uuid": "180471ea-a681-4f95-ac80-e41b5d9345f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42028", "type": "seen", "source": "https://t.me/ctinow/172580", "content": "https://ift.tt/XOSxQ2R\nCVE-2021-42028 | Siemens syngo fastView BMP File Parser out-of-bounds write", "creation_timestamp": "2024-01-24T08:41:40.000000Z"}, {"uuid": "715fc3a2-e3d2-4ee0-8704-41577a0d86e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42028", "type": "seen", "source": "https://t.me/ctinow/162975", "content": "https://ift.tt/fwb5Qr7\nCVE-2021-42028", "creation_timestamp": "2024-01-04T13:21:42.000000Z"}, {"uuid": "1e3bbbe8-0d50-4355-b2ca-a1cdddb7d190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42029", "type": "seen", "source": "https://t.me/cibsecurity/40593", "content": "\u203c CVE-2021-42029 \u203c\n\nA vulnerability has been identified in 
SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:23:12.000000Z"}, {"uuid": "db8b32f7-82af-40da-80df-050b96a89728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4202", "type": "seen", "source": "https://t.me/cibsecurity/39561", "content": "\u203c CVE-2021-4202 \u203c\n\nA use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T21:31:04.000000Z"}, {"uuid": "179990ef-d537-46ac-98a2-927eb655740c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42021", "type": "seen", "source": "https://t.me/cibsecurity/32034", "content": "\u203c CVE-2021-42021 \u203c\n\nA vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). 
The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application\u2019s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:30:06.000000Z"}, {"uuid": "5e465d01-e45f-42ef-a64c-c1f5cf924db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42025", "type": "seen", "source": "https://t.me/cibsecurity/32032", "content": "\u203c CVE-2021-42025 \u203c\n\nA vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless whether they have write access to it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:30:02.000000Z"}, {"uuid": "7d2fdfda-82c6-41be-83df-c86cc82f2713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42026", "type": "seen", "source": "https://t.me/cibsecurity/32042", "content": "\u203c CVE-2021-42026 \u203c\n\nA vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. 
This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:30:24.000000Z"}]}