{"vulnerability": "cve-2021-3840", "sightings": [{"uuid": "e98b1592-4aff-4b2d-a0ab-99eff8e8d11c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38406", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "e08aff90-b399-48e8-91b3-921822173b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38406", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971691", "content": "", "creation_timestamp": "2024-12-24T20:32:51.832906Z"}, {"uuid": "3bd7797a-e1b1-44c3-82fb-ce1da6e80419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38406", "type": "seen", "source": "https://t.me/arpsyndicate/1063", "content": "#ExploitObserverAlert\n\nCVE-2021-38406\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-38406. Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\nFIRST-EPSS: 0.929090000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-03T23:57:55.000000Z"}, {"uuid": "fd55eef2-a737-4a06-b445-9bfebef93b52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38406", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:31.000000Z"}, {"uuid": "884f1159-ec54-4124-9f61-72766a77ad9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-38406", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/71c7d200-7205-45f7-9b14-8e6388d9ac28", "content": "", "creation_timestamp": "2026-02-02T12:27:15.475187Z"}, {"uuid": "ce85b8c4-40a8-419e-a42f-600c41f0641c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38402", "type": "seen", "source": "https://t.me/cibsecurity/29063", "content": "\u203c CVE-2021-38402 \u203c\n\nDelta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-17T22:24:10.000000Z"}, {"uuid": "24cb2bf7-c04b-41c2-b164-50562380a574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38400", "type": "seen", "source": "https://t.me/cibsecurity/29918", "content": "\u203c CVE-2021-38400 \u203c\n\nAn attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:42.000000Z"}, {"uuid": "a02230fc-10da-4887-8181-79b3c86ff5ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38403", "type": "seen", "source": "https://t.me/cibsecurity/31784", "content": "\u203c CVE-2021-38403 \u203c\n\nDelta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:37.000000Z"}, {"uuid": "d504195c-7844-452e-a9c8-5e9b2f864714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38407", "type": "seen", "source": "https://t.me/cibsecurity/31780", "content": "\u203c CVE-2021-38407 \u203c\n\nDelta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:32.000000Z"}, {"uuid": "e1e20786-cfce-4d50-874e-13c0bd5fe86c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38406", "type": "seen", "source": "https://t.me/cibsecurity/29062", "content": "\u203c CVE-2021-38406 \u203c\n\nDelta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-17T22:24:09.000000Z"}, {"uuid": "1c628d0e-656b-4fb2-98b0-5384cd813bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38408", "type": "seen", "source": "https://t.me/cibsecurity/28585", "content": "\u203c CVE-2021-38408 \u203c\n\nA stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T16:29:57.000000Z"}, {"uuid": "e68abc8b-5c09-49f2-9f50-f74512d5455c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38404", "type": "seen", "source": "https://t.me/cibsecurity/29066", "content": "\u203c CVE-2021-38404 \u203c\n\nDelta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-17T22:24:14.000000Z"}]}