{"vulnerability": "cve-2021-4399", "sightings": [{"uuid": "e64e8fec-8c64-4f4c-9f9e-9623ffcf2726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43990", "type": "seen", "source": "https://t.me/cibsecurity/41184", "content": "\u203c CVE-2021-43990 \u203c\n\nThe affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T20:25:52.000000Z"}, {"uuid": "6e6c41f6-c0be-475e-800c-6afb8853c958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43991", "type": "seen", "source": "https://t.me/cibsecurity/33316", "content": "\u203c CVE-2021-43991 \u203c\n\nThe Kentico Xperience CMS version 13.0 \u2013 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. 
The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-03T18:39:48.000000Z"}, {"uuid": "bce34763-d1fb-48b7-a09f-704be3e8e6b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43997", "type": "seen", "source": "https://t.me/cibsecurity/32584", "content": "\u203c CVE-2021-43997 \u203c\n\nAmazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-18T00:14:47.000000Z"}, {"uuid": "a8a72cc7-7416-460f-9c9c-e29b83c89cff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43998", "type": "seen", "source": "https://t.me/cibsecurity/33095", "content": "\u203c CVE-2021-43998 \u203c\n\nHashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-30T18:34:26.000000Z"}]}