{"vulnerability": "cve-2021-2011", "sightings": [{"uuid": "e31d87c3-6181-42a3-a983-88147d743fe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20119", "type": "seen", "source": "https://t.me/cibsecurity/32118", "content": "\u203c CVE-2021-20119 \u203c\n\nThe password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T22:35:20.000000Z"}, {"uuid": "622037af-a352-4b62-9bb0-cd6c29f7ffe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2011", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02", "content": "", "creation_timestamp": "2026-01-27T11:00:00.000000Z"}, {"uuid": "91b43e0b-0ea6-4b4a-b4a4-d175cfc6cd00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20114", "type": "seen", "source": "https://t.me/cibsecurity/26593", "content": "\u203c CVE-2021-20114 \u203c\n\nWhen installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-30T18:15:20.000000Z"}, {"uuid": "2e21e44a-7993-4e50-b65f-7465abdee521", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20113", "type": "seen", "source": "https://t.me/cibsecurity/26606", "content": "\u203c CVE-2021-20113 \u203c\n\nAn exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an \u00e2\u20ac\u02dcunknown email\u00e2\u20ac\u2122 error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-30T18:15:34.000000Z"}, {"uuid": "ff3a49a1-63c3-48c8-9c4a-68ac94f03676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20118", "type": "seen", "source": "https://t.me/cibsecurity/28581", "content": "\u203c CVE-2021-20118 \u203c\n\nNessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T16:29:52.000000Z"}, {"uuid": "d5e7312b-d5a1-4725-ae93-e97f7d1f71c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20117", "type": "seen", "source": "https://t.me/cibsecurity/28581", "content": "\u203c CVE-2021-20118 \u203c\n\nNessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T16:29:52.000000Z"}, {"uuid": "0ed71343-0bf6-4cda-95c5-cbc572b9ee51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2011", "type": "seen", "source": "https://t.me/cibsecurity/22408", "content": "\u203c CVE-2021-2011 \u203c\n\nVulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T18:40:43.000000Z"}]}