{"vulnerability": "CVE-2021-3855", "sightings": [{"uuid": "435e0a3d-a0ae-4d53-b900-2edab55525f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38555", "type": "seen", "source": "https://t.me/cibsecurity/28699", "content": "\u203c CVE-2021-38555 \u203c\n\nAn XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-11T14:36:40.000000Z"}, {"uuid": "ddc144bc-1683-43f7-bab9-dc8d73e82e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38559", "type": "seen", "source": "https://t.me/cibsecurity/27899", "content": "\u203c CVE-2021-38559 \u203c\n\nDigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T16:26:46.000000Z"}, {"uuid": "aa082f14-9eb2-4a2d-aed3-24caff094cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38556", "type": "seen", "source": "https://t.me/cibsecurity/27771", "content": "\u203c CVE-2021-38556 \u203c\n\nincludes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
"creation_timestamp": "2021-08-24T16:23:34.000000Z"}, {"uuid": "582a17c6-e90d-4c67-891a-a15dd439ac80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38557", "type": "seen", "source": "https://t.me/cibsecurity/27770", "content": "\u203c CVE-2021-38557 \u203c\n\nraspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T16:23:33.000000Z"}, {"uuid": "c99f19bd-7845-4811-92a0-57d76abebba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38554", "type": "seen", "source": "https://t.me/cibsecurity/27326", "content": "\u203c CVE-2021-38554 \u203c\n\nHashiCorp Vault and Vault Enterprise\u2019s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T20:41:26.000000Z"}, {"uuid": "5bfbc9c0-bb64-4b74-ae4d-8522d1ef28de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38553", "type": "seen", "source": "https://t.me/cibsecurity/27316", "content": "\u203c CVE-2021-38553 \u203c\n\nHashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T20:41:10.000000Z"}]}