{"vulnerability": "cve-2021-3628", "sightings": [{"uuid": "30176e20-8a42-4a00-970b-04b61ff48c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36287", "type": "seen", "source": "https://t.me/cibsecurity/40417", "content": "\u203c CVE-2021-36287 \u203c\n\nDell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:29.000000Z"}, {"uuid": "78514c81-d74f-4283-add3-b90d088c43de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36288", "type": "seen", "source": "https://t.me/cibsecurity/40415", "content": "\u203c CVE-2021-36288 \u203c\n\nDell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:27.000000Z"}, {"uuid": "c8288fe8-9446-4459-9ec4-aad73077abb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3628", "type": "seen", "source": "https://t.me/cibsecurity/28030", "content": "\u203c CVE-2021-3628 \u203c\n\nOpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T22:32:46.000000Z"}, {"uuid": "426b940b-530a-468c-9372-f4fbd54fc8ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36289", "type": "seen", "source": "https://t.me/cibsecurity/36281", "content": "\u203c CVE-2021-36289 \u203c\n\nDell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T02:19:03.000000Z"}, {"uuid": "0d2f3ded-9888-401d-9686-411e54372c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36284", "type": "seen", "source": "https://t.me/cibsecurity/29608", "content": "\u203c CVE-2021-36284 \u203c\n\nDell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T00:36:16.000000Z"}, {"uuid": "0dad4736-e500-4e07-8b63-edc0c6467817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36286", "type": "seen", "source": "https://t.me/cibsecurity/29603", "content": "\u203c CVE-2021-36286 \u203c\n\nDell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T00:36:11.000000Z"}, {"uuid": "82ef978a-59c0-4236-8bc2-63e20ffdc20e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36285", "type": "seen", "source": "https://t.me/cibsecurity/29602", "content": "\u203c CVE-2021-36285 \u203c\n\nDell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T00:36:10.000000Z"}, {"uuid": "144ae597-761c-4c8a-ba1f-a4bf004b78e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36283", "type": "seen", "source": "https://t.me/cibsecurity/29600", "content": "\u203c CVE-2021-36283 \u203c\n\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T00:36:08.000000Z"}]}