{"vulnerability": "cve-2021-4331", "sightings": [{"uuid": "38b455ef-051f-475d-ae0f-f674c55eac5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43315", "type": "seen", "source": "https://t.me/cibsecurity/60681", "content": "\u203c CVE-2021-43315 \u203c\n\nA heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T23:47:37.000000Z"}, {"uuid": "475d0cb5-2325-4666-ae04-f276270ac9b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43315", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5296", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43315\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T15:08:37.064Z\n\ud83d\udd17 References:\n1. https://github.com/upx/upx/issues/380", "creation_timestamp": "2025-02-25T15:23:15.000000Z"}, {"uuid": "d0e37513-df02-4fa1-952d-cb989776c906", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43312", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5292", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43312\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T15:13:30.750Z\n\ud83d\udd17 References:\n1. https://github.com/upx/upx/issues/379", "creation_timestamp": "2025-02-25T15:23:09.000000Z"}, {"uuid": "59040eac-29d1-4a8d-bce6-0288957fb870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43314", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5295", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43314\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T15:10:26.821Z\n\ud83d\udd17 References:\n1. https://github.com/upx/upx/issues/380", "creation_timestamp": "2025-02-25T15:23:11.000000Z"}, {"uuid": "b8df4a9b-8c93-4c2c-9592-41ed97670a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43316", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5298", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43316\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T15:06:32.962Z\n\ud83d\udd17 References:\n1. https://github.com/upx/upx/issues/381", "creation_timestamp": "2025-02-25T15:23:17.000000Z"}, {"uuid": "31a43fa6-9fe4-43ed-83b6-32acf3ccbdec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43317", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5299", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43317\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T15:05:22.989Z\n\ud83d\udd17 References:\n1. https://github.com/upx/upx/issues/380", "creation_timestamp": "2025-02-25T15:23:18.000000Z"}, {"uuid": "710f948b-eace-4406-b66b-3ed649118e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43313", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5294", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43313\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T15:12:23.571Z\n\ud83d\udd17 References:\n1. https://github.com/upx/upx/issues/378", "creation_timestamp": "2025-02-25T15:23:10.000000Z"}, {"uuid": "ecb64898-72d7-4554-a822-d21540af768a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43312", "type": "seen", "source": "https://t.me/cibsecurity/60696", "content": "\u203c CVE-2021-43312 \u203c\n\nA heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T23:47:58.000000Z"}, {"uuid": "0ccb3e28-b61d-434b-837b-82c3dc25ea0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4331", "type": "seen", "source": "https://t.me/cibsecurity/59581", "content": "\u203c CVE-2021-4331 \u203c\n\nThe Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T18:19:44.000000Z"}, {"uuid": "992eeca6-c056-4bc2-a5c3-c7ae80490578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43314", "type": "seen", "source": "https://t.me/cibsecurity/60706", "content": "\u203c CVE-2021-43314 \u203c\n\nA heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T23:50:46.000000Z"}, {"uuid": "d88e2d6b-69cd-4efd-8d21-85dd6b233c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43313", "type": "seen", "source": "https://t.me/cibsecurity/60705", "content": "\u203c CVE-2021-43313 \u203c\n\nA heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T23:50:45.000000Z"}, {"uuid": "fb962d5c-34e3-4817-888c-629c60c158d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43310", "type": "seen", "source": "https://t.me/cibsecurity/50231", "content": "\u203c CVE-2021-43310 \u203c\n\nA vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T22:41:28.000000Z"}, {"uuid": "e5a989b6-9828-4ebc-a000-dc5a31457a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43319", "type": "seen", "source": "https://t.me/cibsecurity/33140", "content": "\u203c CVE-2021-43319 \u203c\n\nZoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-30T22:34:51.000000Z"}]}