{"vulnerability": "CVE-2021-4009", "sightings": [{"uuid": "f21600c5-adf6-4825-aaf5-f79e88a4fd4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40094", "type": "seen", "source": "https://t.me/cibsecurity/33455", "content": "\u203c CVE-2021-40094 \u203c\n\nA DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:22:06.000000Z"}, {"uuid": "38dcc6c0-cc5d-4157-b836-ce908656d8c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4009", "type": "seen", "source": "https://t.me/cibsecurity/34219", "content": "\u203c CVE-2021-4009 \u203c\n\nA flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-17T20:37:10.000000Z"}, {"uuid": "9373f347-8750-4071-af32-95440c1f501e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40091", "type": "seen", "source": "https://t.me/cibsecurity/33411", "content": "\u203c CVE-2021-40091 \u203c\n\nAn SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T00:22:31.000000Z"}, {"uuid": "22ab1829-ba34-4666-b483-4e76a28e2e75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40095", "type": "seen", "source": "https://t.me/cibsecurity/33438", "content": "\u203c CVE-2021-40095 \u203c\n\nAn issue was discovered in SquaredUp for SCOM 5.2.1.6654. 
The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:42.000000Z"}, {"uuid": "c659671c-35c3-4c0e-82e7-e2025260ad88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40096", "type": "seen", "source": "https://t.me/cibsecurity/33454", "content": "\u203c CVE-2021-40096 \u203c\n\nA cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:22:05.000000Z"}, {"uuid": "7b9de413-e982-4b53-8070-1a2a6f9e98cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40093", "type": "seen", "source": "https://t.me/cibsecurity/33450", "content": "\u203c CVE-2021-40093 \u203c\n\nA cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:58.000000Z"}, {"uuid": "af43ffff-2dcb-48d9-9eca-d469a5e6ad69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40092", "type": "seen", "source": "https://t.me/cibsecurity/33448", "content": "\u203c CVE-2021-40092 
\u203c\n\nA cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:57.000000Z"}, {"uuid": "ca2482c6-0e10-40c6-a231-5f28a330ffbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40099", "type": "seen", "source": "https://t.me/cibsecurity/29386", "content": "\u203c CVE-2021-40099 \u203c\n\nAn issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-24T18:30:51.000000Z"}, {"uuid": "cb635d10-5697-4ef9-bc85-11a44d54699b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40097", "type": "seen", "source": "https://t.me/cibsecurity/29451", "content": "\u203c CVE-2021-40097 \u203c\n\nAn issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-27T16:34:50.000000Z"}, {"uuid": "7d553a69-a859-45bb-9a87-6d710eb7aece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40098", "type": "seen", "source": "https://t.me/cibsecurity/29447", "content": "\u203c CVE-2021-40098 \u203c\n\nAn issue was discovered in Concrete CMS through 8.5.5. 
Path Traversal leading to RCE via external form by adding a regular expression.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-27T16:34:45.000000Z"}]}