<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-08T23:06:08.241919+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e4310e09-2067-4d06-a33c-e009b726fa52/export</id>
    <title>e4310e09-2067-4d06-a33c-e009b726fa52</title>
    <updated>2026-05-08T23:06:08.734723+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e4310e09-2067-4d06-a33c-e009b726fa52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41110", "type": "seen", "source": "https://t.me/cibsecurity/29791", "content": "\u203c CVE-2021-41110 \u203c\n\ncwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T16:15:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e4310e09-2067-4d06-a33c-e009b726fa52/export"/>
    <published>2021-10-01T16:15:05+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c914ddd1-42c5-4569-815f-d33faeb7d9f8/export</id>
    <title>c914ddd1-42c5-4569-815f-d33faeb7d9f8</title>
    <updated>2026-05-08T23:06:08.734580+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c914ddd1-42c5-4569-815f-d33faeb7d9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41118", "type": "seen", "source": "https://t.me/cibsecurity/29922", "content": "\u203c CVE-2021-41118 \u203c\n\nThe DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:54.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c914ddd1-42c5-4569-815f-d33faeb7d9f8/export"/>
    <published>2021-10-04T22:24:54+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fadfd1bf-da9b-4ead-9722-c5b2e042e5c7/export</id>
    <title>fadfd1bf-da9b-4ead-9722-c5b2e042e5c7</title>
    <updated>2026-05-08T23:06:08.734424+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fadfd1bf-da9b-4ead-9722-c5b2e042e5c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41116", "type": "seen", "source": "https://t.me/cibsecurity/30000", "content": "\u203c CVE-2021-41116 \u203c\n\nComposer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T22:30:47.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fadfd1bf-da9b-4ead-9722-c5b2e042e5c7/export"/>
    <published>2021-10-05T22:30:47+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a3a1fdb8-3639-4688-87ec-280bf16dc2e1/export</id>
    <title>a3a1fdb8-3639-4688-87ec-280bf16dc2e1</title>
    <updated>2026-05-08T23:06:08.734270+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a3a1fdb8-3639-4688-87ec-280bf16dc2e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41113", "type": "seen", "source": "https://t.me/cibsecurity/30001", "content": "\u203c CVE-2021-41113 \u203c\n\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T22:30:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a3a1fdb8-3639-4688-87ec-280bf16dc2e1/export"/>
    <published>2021-10-05T22:30:48+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d9db7846-41cd-4333-a08b-464d1b19e61e/export</id>
    <title>d9db7846-41cd-4333-a08b-464d1b19e61e</title>
    <updated>2026-05-08T23:06:08.734111+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d9db7846-41cd-4333-a08b-464d1b19e61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41114", "type": "seen", "source": "https://t.me/cibsecurity/30003", "content": "\u203c CVE-2021-41114 \u203c\n\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T22:30:51.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d9db7846-41cd-4333-a08b-464d1b19e61e/export"/>
    <published>2021-10-05T22:30:51+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2df8f445-198b-407e-ad5b-1f5e1d59d7be/export</id>
    <title>2df8f445-198b-407e-ad5b-1f5e1d59d7be</title>
    <updated>2026-05-08T23:06:08.733910+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2df8f445-198b-407e-ad5b-1f5e1d59d7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41117", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/30358", "content": "\u203c CVE-2021-41117 \u203c\n\nkeypair is an RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG, rather, it uses its own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with \"true\" random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a nodeJS execution environment, the `window` object is not defined, so it goes down a much less secure solution, also of which has a bug in it. It does look like the library tries to use node's CSPRNG when possible; unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken.\nHowever, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify as a security bug in itself, it does not explain the extreme frequency in which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly. The specific [line](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008) with the flaw is: `b.putByte(String.fromCharCode(next &amp; 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next &amp; 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results in most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG are converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero.\nDue to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T20:24:51.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2df8f445-198b-407e-ad5b-1f5e1d59d7be/export"/>
    <published>2021-10-11T20:24:51+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/601f193a-2272-4792-9392-4a193881f2ab/export</id>
    <title>601f193a-2272-4792-9392-4a193881f2ab</title>
    <updated>2026-05-08T23:06:08.733770+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "601f193a-2272-4792-9392-4a193881f2ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41112", "type": "seen", "source": "https://t.me/cibsecurity/38200", "content": "\u203c CVE-2021-41112 \u203c\n\nRundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-28T22:23:33.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/601f193a-2272-4792-9392-4a193881f2ab/export"/>
    <published>2022-02-28T22:23:33+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/671fefd2-c2dc-483c-82ef-969e1902dd8c/export</id>
    <title>671fefd2-c2dc-483c-82ef-969e1902dd8c</title>
    <updated>2026-05-08T23:06:08.733583+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "671fefd2-c2dc-483c-82ef-969e1902dd8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41111", "type": "seen", "source": "https://t.me/cibsecurity/38202", "content": "\u203c CVE-2021-41111 \u203c\n\nRundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-28T22:23:37.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/671fefd2-c2dc-483c-82ef-969e1902dd8c/export"/>
    <published>2022-02-28T22:23:37+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2f356d2f-a829-4e38-bbfc-c181a9cc67b6/export</id>
    <title>2f356d2f-a829-4e38-bbfc-c181a9cc67b6</title>
    <updated>2026-05-08T23:06:08.733344+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2f356d2f-a829-4e38-bbfc-c181a9cc67b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41111", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13112", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-41111\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds.\n\ud83d\udccf Published: 2022-02-28T19:15:11.000Z\n\ud83d\udccf Modified: 2025-04-23T19:00:01.628Z\n\ud83d\udd17 References:\n1. https://github.com/rundeck/rundeck/security/advisories/GHSA-mfqj-f22m-gv8j\n2. https://github.com/rundeck/rundeck/commit/a3bdc06a0731da902593732022a5b9d2b4facec5", "creation_timestamp": "2025-04-23T19:05:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2f356d2f-a829-4e38-bbfc-c181a9cc67b6/export"/>
    <published>2025-04-23T19:05:05+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9b8b7d76-8017-40ab-831d-112ed379600c/export</id>
    <title>9b8b7d76-8017-40ab-831d-112ed379600c</title>
    <updated>2026-05-08T23:06:08.622471+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9b8b7d76-8017-40ab-831d-112ed379600c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41112", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13113", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-41112\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds.\n\ud83d\udccf Published: 2022-02-28T19:15:17.000Z\n\ud83d\udccf Modified: 2025-04-23T18:59:54.497Z\n\ud83d\udd17 References:\n1. https://github.com/rundeck/rundeck/security/advisories/GHSA-f68p-c9wh-j2q8", "creation_timestamp": "2025-04-23T19:05:06.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9b8b7d76-8017-40ab-831d-112ed379600c/export"/>
    <published>2025-04-23T19:05:06+00:00</published>
  </entry>
</feed>
