{"vulnerability": "CVE-2021-3843", "sightings": [{"uuid": "172bd266-ec61-44d7-89a7-8b202498d10f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38439", "type": "seen", "source": "https://t.me/cibsecurity/42017", "content": "\u203c CVE-2021-38439 \u203c\n\nAll versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T20:36:52.000000Z"}, {"uuid": "38faae8e-c643-492e-9909-67018f2d5039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38435", "type": "seen", "source": "Telegram/HCV3Zue871rmNWtB76X2K6et5dfkOuhGT79p0-UTPkpZtpJv", "content": "", "creation_timestamp": "2025-02-06T02:43:28.000000Z"}, {"uuid": "507e2f6e-910a-455a-b454-452ee9791685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38433", "type": "seen", "source": "Telegram/fySthXv51r1z6Wkd3KJvbNjnqSjfm2LtVTBT1zwP9ti5P_yl", "content": "", "creation_timestamp": "2025-02-06T02:43:28.000000Z"}, {"uuid": "ae93f06e-0f68-4901-a79b-dc03cc5c4c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38433", "type": "seen", "source": "https://t.me/cibsecurity/42020", "content": "\u203c CVE-2021-38433 \u203c\n\nRTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T20:36:55.000000Z"}, {"uuid": "3e3dc504-6496-4ab3-b783-3395bb3910e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38434", "type": "seen", "source": "https://t.me/cibsecurity/30682", "content": "\u203c CVE-2021-38434 \u203c\n\nFATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T16:31:57.000000Z"}, {"uuid": "4f55a1cc-6f34-4f77-bee3-65a14e5c8ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38438", "type": "seen", "source": "https://t.me/cibsecurity/30692", "content": "\u203c CVE-2021-38438 \u203c\n\nA use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T16:32:13.000000Z"}, {"uuid": "191296b9-b3e6-451c-bcc4-a980958dbce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3843", "type": "seen", "source": "https://t.me/cibsecurity/32347", "content": "\u203c CVE-2021-3843 \u203c\n\nA potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T00:39:35.000000Z"}, {"uuid": "01dbdff6-eafd-4e45-8393-2391620c6a5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38432", "type": "seen", "source": "https://t.me/cibsecurity/30642", "content": "\u203c CVE-2021-38432 \u203c\n\nFATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T18:28:56.000000Z"}, {"uuid": "76228563-8b61-4877-a93b-14c591d7371a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38436", "type": "seen", "source": "https://t.me/cibsecurity/30685", "content": "\u203c CVE-2021-38436 \u203c\n\nFATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T16:32:03.000000Z"}, {"uuid": "427ddfd6-c7bd-4ad1-93dd-1d67352b8823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38431", "type": "seen", "source": "https://t.me/cibsecurity/30610", "content": "\u203c CVE-2021-38431 \u203c\n\nAn authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T16:28:40.000000Z"}, {"uuid": "e9f25587-4476-44e9-8048-32f0e80f2f5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38430", "type": "seen", "source": "https://t.me/cibsecurity/30690", "content": "\u203c CVE-2021-38430 \u203c\n\nFATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T16:32:10.000000Z"}]}