{"vulnerability": "CVE-2021-3735", "sightings": [{"uuid": "696a9ec7-bc75-4e83-8c2f-b90a54e79037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-3735", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "32e6f621-eac0-4e78-b1d9-8bb863e00590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3735", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5894", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3735\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.\n\ud83d\udccf Published: 2022-08-26T15:25:40.000Z\n\ud83d\udccf Modified: 2025-02-28T13:07:24.170Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=1997184\n2. https://access.redhat.com/security/cve/CVE-2021-3735\n3. 
https://security-tracker.debian.org/tracker/CVE-2021-3735", "creation_timestamp": "2025-02-28T13:27:02.000000Z"}, {"uuid": "b80aa912-1d0f-4644-b039-306b46ac9b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3735", "type": "seen", "source": "Telegram/2epzO30aBKTi3sLQZWIdnV1-g-7Xzk89A0Ir1f-KRz8NXyNE", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "89c4d10f-d015-4729-a4a4-84339be07c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37350", "type": "seen", "source": "https://t.me/true_secator/2137", "content": "Claroty has discovered 11 security vulnerabilities in Nagios network management systems that allow remote code execution with the highest privileges and lead to credential theft and phishing attacks.\n \nNagios Core is a popular open-source network management tool, similar to SolarWinds Network Performance Monitor (NPM), which is used to monitor IT infrastructure in order to detect failures in critical components. 
Nagios XI runs on top of Nagios Core: a proprietary web platform that gives organizations control over IT operations and offers scalable monitoring with a customizable high-level overview of hosts, services and network devices.\n \nThe main ones are two remote code execution vulnerabilities (CVE-2021-37344, CVE-2021-37346) in Nagios XI Switch Wizard and Nagios XI WatchGuard Wizard, an SQL injection vulnerability (CVE-2021-37350) in Nagios XI, and a server-side request forgery (SSRF) affecting the Nagios XI Docker Wizard, as well as a post-authentication RCE in the Nagios XI auto-discovery tool. 
Together they make it possible to drop a web shell or execute PHP scripts while escalating privileges to root, thereby opening the way to arbitrary command execution.\n \nThe issues are fixed in updates released in August: Nagios XI 5.8.5 and above, Nagios XI Switch Wizard 2.5.7 and above, Nagios XI Docker Wizard 1.13 and above, and Nagios XI WatchGuard 1.4.8 and above.\n \nThis is far from the first set of bugs: in May of this year Skylight Cyber had already found 13 security weaknesses in the network monitoring application that could be used by an attacker to compromise infrastructure without operator intervention.\n \nNetwork management systems require extensive access to network components and can certainly reach beyond the network through the firewall in order to service remote servers and connections. 
All of this makes such network hubs one of the main targets for hackers focused on the supply chain.\n \nIt is enough to recall SolarWinds and Kaseya, which certainly have a far larger and more interesting customer base. 
But that does not at all mean that Nagios systems with such a \"wonderful\" set of holes will not interest the shadow segment.", "creation_timestamp": "2021-09-23T16:20:06.000000Z"}, {"uuid": "5b8a6cfa-166d-41b7-8806-2d9db411d1fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37351", "type": "seen", "source": "https://t.me/cibsecurity/27302", "content": "\u203c CVE-2021-37351 \u203c\n\nNagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T16:41:07.000000Z"}, {"uuid": "50e68129-a2c8-4187-86d5-db83b2a1933a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37352", "type": "seen", "source": "https://t.me/cibsecurity/27300", "content": "\u203c CVE-2021-37352 \u203c\n\nAn open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. 
To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T16:41:05.000000Z"}, {"uuid": "ae189b34-3bca-4864-9dfb-ed5ed4da537a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37353", "type": "seen", "source": "https://t.me/cibsecurity/27297", "content": "\u203c CVE-2021-37353 \u203c\n\nNagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T16:41:01.000000Z"}, {"uuid": "02cfc0ed-a48c-4923-b2be-41b739292959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37350", "type": "seen", "source": "https://t.me/cibsecurity/27292", "content": "\u203c CVE-2021-37350 \u203c\n\nNagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T16:40:53.000000Z"}, {"uuid": "4dfeecc7-7eee-4096-a254-bcd838e675d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37354", "type": "seen", "source": "https://t.me/cibsecurity/37537", "content": "\u203c CVE-2021-37354 \u203c\n\nXerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T22:34:54.000000Z"}, {"uuid": "e4a01ca3-191b-4acf-b7d0-1a86d1b9c81f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37358", "type": "seen", "source": "https://t.me/cibsecurity/27523", "content": "\u203c CVE-2021-37358 \u203c\n\nSQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component \"admin_ajax.php?action=checkrepeat&v_name=\".\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-18T18:16:59.000000Z"}]}