{"vulnerability": "CVE-2021-4255", "sightings": [{"uuid": "48bc5899-4652-4500-a9ad-6ea37e5adf38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42551", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-42551.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "74a6bda7-cf9c-4a2c-b644-b722f739ceb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42554", "type": "seen", "source": "https://t.me/cibsecurity/36738", "content": "\u203c CVE-2021-42554 \u203c\n\nSMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:34.000000Z"}, {"uuid": "580949db-9473-4325-a3ac-5337375858bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42553", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15411", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-42553\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.\n\ud83d\udccf Published: 2022-10-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T20:10:49.445Z\n\ud83d\udd17 References:\n1. https://github.com/STMicroelectronics/stm32_mw_usb_host/pull/4\n2. https://github.com/STMicroelectronics/stm32_mw_usb_host", "creation_timestamp": "2025-05-07T20:22:49.000000Z"}, {"uuid": "cad0d1a6-3f0d-44b8-bb3f-025dc7db2ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42550", "type": "exploited", "source": "Telegram/QbzltGTL5MLooH2kEl1qS06h23oJX4UpKYkbnKcssYleTA", "content": "", "creation_timestamp": "2022-01-03T05:49:38.000000Z"}, {"uuid": "833bb7f6-81d2-4882-97b5-c6639d0ec052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4255", "type": "seen", "source": "https://t.me/cibsecurity/54829", "content": "\u203c CVE-2021-4255 \u203c\n\nA vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T00:41:08.000000Z"}, {"uuid": "0da9cfef-5281-4bf1-b5ac-d1aa30ce14d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42553", "type": "seen", "source": "https://t.me/cibsecurity/51912", "content": "\u203c CVE-2021-42553 \u203c\n\nA buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-21T21:07:58.000000Z"}, {"uuid": "b8f9acbd-9f1f-4a96-91c5-0c256edc79f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42552", "type": "seen", "source": "https://t.me/cibsecurity/39024", "content": "\u203c CVE-2021-42552 \u203c\n\nCross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T15:23:44.000000Z"}, {"uuid": "29ae5072-7c79-439e-8221-15148780f0d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42550", "type": "seen", "source": "https://t.me/cibsecurity/34169", "content": "\u203c CVE-2021-42550 \u203c\n\nIn logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:36:14.000000Z"}, {"uuid": "0f7be476-8b5a-4486-85f5-3d0a30b11a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42551", "type": "seen", "source": "https://t.me/cibsecurity/35488", "content": "\u203c CVE-2021-42551 \u203c\n\nCross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-14T12:19:06.000000Z"}, {"uuid": "f3f3d778-33d1-4c87-adcf-d950a5651f2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42559", "type": "seen", "source": "https://t.me/cibsecurity/35366", "content": "\u203c CVE-2021-42559 \u203c\n\nAn issue was discovered in CALDERA 2.8.1. It contains multiple startup \"requirements\" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:31.000000Z"}, {"uuid": "25bc45b6-c714-4018-9f57-cbf52b6f975d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42558", "type": "seen", "source": "https://t.me/cibsecurity/35357", "content": "\u203c CVE-2021-42558 \u203c\n\nAn issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:22.000000Z"}, {"uuid": "927c5efc-0673-4b1e-a10d-01e90b74613d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42557", "type": "seen", "source": "https://t.me/cibsecurity/31548", "content": "\u203c CVE-2021-42557 \u203c\n\nIn Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T15:21:28.000000Z"}, {"uuid": "d6a1c280-6e50-4d67-9357-ee7a1021d813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42556", "type": "seen", "source": "https://t.me/cibsecurity/31055", "content": "\u203c CVE-2021-42556 \u203c\n\nRasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T22:39:22.000000Z"}]}