{"vulnerability": "CVE-2021-3740", "sightings": [{"uuid": "99eb964e-efc4-4efe-bf50-625152fcf7ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37401", "type": "seen", "source": "https://t.me/cibsecurity/34706", "content": "\u203c CVE-2021-37401 \u203c\n\nAn attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-28T16:24:40.000000Z"}, {"uuid": "9c75513a-f37f-413d-a3d6-c5ab70b664e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37404", "type": "seen", "source": "https://t.me/arpsyndicate/3137", "content": "#ExploitObserverAlert\n\nCVE-2021-37404\n\nDESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-37404. There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.\n\nFIRST-EPSS: 0.001730000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T00:46:59.000000Z"}, {"uuid": "61406300-7feb-4e23-9310-1ce3a19ad081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37404", "type": "seen", "source": "https://t.me/cibsecurity/44255", "content": "\u203c CVE-2021-37404 \u203c\n\nThere is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T12:17:53.000000Z"}, {"uuid": "058e25ce-007c-438d-8b15-fb6f758522a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37400", "type": "seen", "source": "https://t.me/cibsecurity/34704", "content": "\u203c CVE-2021-37400 \u203c\n\nAn attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-28T16:24:38.000000Z"}, {"uuid": "7ad80a26-f613-4e68-9d70-2471cf0decf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37402", "type": "seen", "source": "https://t.me/cibsecurity/26414", "content": "\u203c CVE-2021-37402 \u203c\n\nOX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-22T20:36:57.000000Z"}, {"uuid": "0f73c54a-47f0-4a96-a932-364fcef5715c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37403", "type": "seen", "source": "https://t.me/cibsecurity/26413", "content": "\u203c CVE-2021-37403 \u203c\n\nOX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-22T20:36:56.000000Z"}]}