{"vulnerability": "cve-2021-3849", "sightings": [{"uuid": "a1bb8461-7b2e-403b-b432-5d25374935f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3849", "type": "seen", "source": "https://t.me/cibsecurity/41356", "content": "\u203c CVE-2021-3849 \u203c\n\nAn authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-23T00:28:25.000000Z"}, {"uuid": "5fa93fa9-d347-49fb-840b-f0bcd7d2ef34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38494", "type": "seen", "source": "https://t.me/cibsecurity/31697", "content": "\u203c CVE-2021-38494 \u203c\n\nMozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T06:23:29.000000Z"}, {"uuid": "a952acb6-25b5-4dea-a853-c51d43a8df10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38499", "type": "seen", "source": "https://t.me/cibsecurity/31696", "content": "\u203c CVE-2021-38499 \u203c\n\nMozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T06:23:28.000000Z"}, {"uuid": "a6de7195-9697-48a6-b6ca-bcf076190518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38491", "type": "seen", "source": "https://t.me/cibsecurity/31693", "content": "\u203c CVE-2021-38491 \u203c\n\nMixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T06:23:25.000000Z"}, {"uuid": "c4dd2280-d09e-4efe-8914-c632e34e0e77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38497", "type": "seen", "source": "https://t.me/cibsecurity/31688", "content": "\u203c CVE-2021-38497 \u203c\n\nThrough use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T06:23:18.000000Z"}, {"uuid": "c69c2a86-857d-4cb4-8c36-9bca11b28a79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38492", "type": "seen", "source": "https://t.me/cibsecurity/31705", "content": "\u203c CVE-2021-38492 \u203c\n\nWhen delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T06:23:40.000000Z"}, {"uuid": "58a011d7-1521-4b06-b2dc-f467756f7731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38493", "type": "seen", "source": "https://t.me/cibsecurity/31702", "content": "\u203c CVE-2021-38493 \u203c\n\nMozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T06:23:35.000000Z"}]}