{"vulnerability": "CVE-2021-3755", "sightings": [{"uuid": "c29610c8-5e36-4e1c-abd5-0888e1475b85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37551", "type": "seen", "source": "https://t.me/cibsecurity/26943", "content": "\u203c CVE-2021-37551 \u203c\n\nIn JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T18:32:37.000000Z"}, {"uuid": "c0671386-b205-4737-b6d8-42e97e530483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37550", "type": "seen", "source": "https://t.me/cibsecurity/26942", "content": "\u203c CVE-2021-37550 \u203c\n\nIn JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T18:32:36.000000Z"}, {"uuid": "037e8f5b-fc19-4741-a543-5286040c89c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37554", "type": "seen", "source": "https://t.me/cibsecurity/26947", "content": "\u203c CVE-2021-37554 \u203c\n\nIn JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T18:32:44.000000Z"}, {"uuid": "bfc97e38-3d3b-4a64-a6b1-de219ad14cf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37552", "type": "seen", "source": "https://t.me/cibsecurity/26937", "content": "\u203c CVE-2021-37552 \u203c\n\nIn JetBrains YouTrack before 2021.2.17925, stored XSS was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T18:32:29.000000Z"}, {"uuid": "03b26506-ba48-4767-9aa4-7b888badf42e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37557", "type": "seen", "source": "https://t.me/cibsecurity/26765", "content": "\u203c CVE-2021-37557 \u203c\n\nA SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T20:28:59.000000Z"}, {"uuid": "39946bc9-375b-467b-a916-1ce3e2ecb3de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37558", "type": "seen", "source": "https://t.me/cibsecurity/26763", "content": "\u203c CVE-2021-37558 \u203c\n\nA SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T20:28:57.000000Z"}, {"uuid": "d96031b8-aa9c-4bb8-ac47-8cef5840da30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37556", "type": "seen", "source": "https://t.me/cibsecurity/26751", "content": "\u203c CVE-2021-37556 \u203c\n\nA SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T20:28:39.000000Z"}, {"uuid": "54e7a068-c792-44ad-9087-f6e73c1edfef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37553", "type": "seen", "source": "https://t.me/cibsecurity/26944", "content": "\u203c CVE-2021-37553 \u203c\n\nIn JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T18:32:38.000000Z"}, {"uuid": "cd6d44d5-940c-4fef-8652-72cd863b4b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37555", "type": "seen", "source": "https://t.me/cibsecurity/26519", "content": "\u203c CVE-2021-37555 \u203c\n\nTX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-27T00:11:42.000000Z"}]}