{"vulnerability": "CVE-2021-3348", "sightings": [{"uuid": "cdd30a12-375b-496b-866f-d0acf7c9523a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-33485", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "3047ffd8-6e54-4def-8e7a-097a56b5697f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33485", "type": "seen", "source": "https://t.me/cibsecurity/26764", "content": "\u203c CVE-2021-33485 \u203c\n\nCODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T20:28:57.000000Z"}, {"uuid": "e0f06d24-c542-4591-82f6-c50199d4e105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-33486", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "9c2f692e-8338-4bb6-968a-d39f5c370810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33481", "type": "seen", "source": "https://t.me/cibsecurity/32537", "content": "\u203c CVE-2021-33481 \u203c\n\nA stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T20:14:47.000000Z"}, {"uuid": "e2f1a279-5ff7-47cd-b973-012cd3749ec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33480", "type": "seen", "source": "https://t.me/cibsecurity/32533", "content": "\u203c CVE-2021-33480 \u203c\n\nAn use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T20:14:41.000000Z"}, {"uuid": "77dd7d0c-761d-4c91-8dd8-c30f777dc755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33486", "type": "seen", "source": "https://t.me/cibsecurity/26752", "content": "\u203c CVE-2021-33486 \u203c\n\nAll versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T20:28:40.000000Z"}, {"uuid": "d86c05f5-8505-44ff-a591-aa2fe557499e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33484", "type": "seen", "source": "https://t.me/cibsecurity/28318", "content": "\u203c CVE-2021-33484 \u203c\n\nAn issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T12:17:15.000000Z"}, {"uuid": "acb1d72a-0096-4dbd-a6fe-93e68d9cb9d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33483", "type": "seen", "source": "https://t.me/cibsecurity/28310", "content": "\u203c CVE-2021-33483 \u203c\n\nAn issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T12:17:06.000000Z"}]}