{"vulnerability": "CVE-2021-3786", "sightings": [{"uuid": "f2bb2c71-2799-4557-a968-7fe0ab3ea2c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3786", "type": "seen", "source": "https://t.me/cibsecurity/32336", "content": "\u203c CVE-2021-3786 \u203c\n\nA potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T00:39:15.000000Z"}, {"uuid": "658557a8-bd43-4dfc-9ffb-7f15717eac15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37863", "type": "seen", "source": "https://t.me/cibsecurity/34210", "content": "\u203c CVE-2021-37863 \u203c\n\nMattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-17T20:36:57.000000Z"}, {"uuid": "15a21339-32aa-466f-aebf-73fea106fcd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37862", "type": "seen", "source": "https://t.me/cibsecurity/34202", "content": "\u203c CVE-2021-37862 \u203c\n\nMattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-17T20:36:49.000000Z"}, {"uuid": "21aa55ad-203b-4b08-8c27-66c62e9afe74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37860", "type": "seen", "source": "https://t.me/cibsecurity/29239", "content": "\u203c CVE-2021-37860 \u203c\n\nMattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-22T20:29:00.000000Z"}]}