{"vulnerability": "CVE-2021-4209", "sightings": [{"uuid": "32cc0a76-5510-479f-98e1-7d800b9e339b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42099", "type": "seen", "source": "https://t.me/cibsecurity/33128", "content": "\u203c CVE-2021-42099 \u203c\n\nZoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-30T22:34:35.000000Z"}, {"uuid": "c8bf729e-575b-42cd-ba32-2d55872092fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42096", "type": "seen", "source": "https://t.me/arpsyndicate/586", "content": "#ExploitObserverAlert\n\nCVE-2021-42096\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-42096. GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.\n\nFIRST-EPSS: 0.001730000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2023-11-26T05:03:11.000000Z"}, {"uuid": "67c405b0-3814-457f-8a29-d025d8d7b1dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4209", "type": "seen", "source": "https://t.me/cibsecurity/48653", "content": "\u203c CVE-2021-4209 \u203c\n\nA NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T20:22:45.000000Z"}, {"uuid": "4c35ff7f-40ba-4e67-a000-f4c890b83410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42096", "type": "seen", "source": "https://t.me/cibsecurity/30931", "content": "\u203c CVE-2021-42096 \u203c\n\nGNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-21T07:36:19.000000Z"}, {"uuid": "bde833ec-b8c8-4d19-94fd-e66932ebcb2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42097", "type": "seen", "source": "https://t.me/cibsecurity/30939", "content": "\u203c CVE-2021-42097 \u203c\n\nGNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-21T07:36:31.000000Z"}, {"uuid": "c57b715c-2b82-4187-a0b0-a130340c121d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42095", "type": "seen", "source": "https://t.me/cibsecurity/30224", "content": "\u203c CVE-2021-42095 \u203c\n\nXshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:21.000000Z"}, {"uuid": "86b5e709-3439-45f9-9848-53a6d9647bf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42091", "type": "seen", "source": "https://t.me/cibsecurity/30222", "content": "\u203c CVE-2021-42091 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:19.000000Z"}, {"uuid": "4cd8aa72-9445-40d0-ba43-8c4a9140d105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42093", "type": "seen", "source": "https://t.me/cibsecurity/30217", "content": "\u203c CVE-2021-42093 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:13.000000Z"}, {"uuid": "a20c4c60-fc21-4563-9e93-7f8f20958cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42094", "type": "seen", "source": "https://t.me/cibsecurity/30227", "content": "\u203c CVE-2021-42094 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:25.000000Z"}, {"uuid": "e188f24c-20a4-4744-8130-4a2ad389d479", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42090", "type": "seen", "source": "https://t.me/cibsecurity/30220", "content": "\u203c CVE-2021-42090 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:17.000000Z"}, {"uuid": "1fc53748-edb6-4614-a0bf-c65a04609423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42092", "type": "seen", "source": "https://t.me/cibsecurity/30219", "content": "\u203c CVE-2021-42092 \u203c\n\nAn issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T00:34:15.000000Z"}]}