{"vulnerability": "cve-2021-3719", "sightings": [{"uuid": "783dd754-349d-48b5-bf8f-cde99ca1c2c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3719", "type": "seen", "source": "https://t.me/cibsecurity/32353", "content": "\u203c CVE-2021-3719 \u203c\n\nA potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T00:39:44.000000Z"}, {"uuid": "90de9d35-79ab-4833-b9da-2915f6e90690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37198", "type": "seen", "source": "https://t.me/cibsecurity/35232", "content": "\u203c CVE-2021-37198 \u203c\n\nA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-11T14:15:58.000000Z"}, {"uuid": "16caef05-df75-4794-828c-64bb1d39cb24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37196", "type": "seen", "source": "https://t.me/cibsecurity/35229", "content": "\u203c CVE-2021-37196 \u203c\n\nA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-11T14:15:52.000000Z"}, {"uuid": "360f3e6f-4bb3-4ddb-a179-0bcdf39c699a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37197", "type": "seen", "source": "https://t.me/cibsecurity/35228", "content": "\u203c CVE-2021-37197 \u203c\n\nA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-11T14:15:52.000000Z"}, {"uuid": "ed1c0a09-99a6-4be7-8367-5cfd5cabd6ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37195", "type": "seen", "source": "https://t.me/cibsecurity/35225", "content": "\u203c CVE-2021-37195 \u203c\n\nA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-11T14:15:48.000000Z"}, {"uuid": "b0eb9294-2d05-46ba-a88c-6f54e96d143e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37194", "type": "seen", "source": "https://t.me/cibsecurity/37071", "content": "\u203c CVE-2021-37194 \u203c\n\nA vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T18:13:02.000000Z"}, {"uuid": "39cb1c0e-9eda-4030-a9e4-f8784572dbd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37199", "type": "seen", "source": "https://t.me/cibsecurity/30381", "content": "\u203c CVE-2021-37199 \u203c\n\nA vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T14:25:30.000000Z"}, {"uuid": "cb7adb32-2567-415d-9194-3dd7741698ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37192", "type": "seen", "source": "https://t.me/cibsecurity/28778", "content": "\u203c CVE-2021-37192 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:58.000000Z"}, {"uuid": "eefde819-5d8d-4b52-a95c-6fd6332baa03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37191", "type": "seen", "source": "https://t.me/cibsecurity/28774", "content": "\u203c CVE-2021-37191 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:52.000000Z"}, {"uuid": "cba2a0a2-5807-4dc9-b9ab-4446d2a57298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37190", "type": "seen", "source": "https://t.me/cibsecurity/28785", "content": "\u203c CVE-2021-37190 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:21:07.000000Z"}, {"uuid": "fd1ebe06-226c-4f63-a519-81ff0655a116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37193", "type": "seen", "source": "https://t.me/cibsecurity/28772", "content": "\u203c CVE-2021-37193 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:49.000000Z"}]}