{"vulnerability": "CVE-2021-3744", "sightings": [{"uuid": "5c78d69e-660d-4f4a-b77a-de4093747e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3744", "type": "seen", "source": "https://t.me/cibsecurity/38430", "content": "\u203c CVE-2021-3744 \u203c\n\nA memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T18:27:07.000000Z"}, {"uuid": "c8b58881-bf86-4249-8e29-5ca89d8eb09a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37447", "type": "seen", "source": "https://t.me/cibsecurity/26456", "content": "\u203c CVE-2021-37447 \u203c\n\nIn NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:28.000000Z"}, {"uuid": "90230dfb-387d-409f-9c65-c629b69d3de6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37449", "type": "seen", "source": "https://t.me/cibsecurity/26465", "content": "\u203c CVE-2021-37449 \u203c\n\nCross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:39.000000Z"}, {"uuid": "3c927f0d-11e8-4a1a-aa7d-37ad3e6e9701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37443", "type": "seen", "source": "https://t.me/cibsecurity/26464", "content": "\u203c CVE-2021-37443 \u203c\n\nNCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:38.000000Z"}, {"uuid": "183684c0-e032-4ce4-b43f-4f3fbdb182af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37448", "type": "seen", "source": "https://t.me/cibsecurity/26462", "content": "\u203c CVE-2021-37448 \u203c\n\nCross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:36.000000Z"}, {"uuid": "c1cd9d36-da24-4682-ad2d-4440ca80f654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37446", "type": "seen", "source": "https://t.me/cibsecurity/26461", "content": "\u203c CVE-2021-37446 \u203c\n\nIn NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:35.000000Z"}, {"uuid": "e447f418-35f6-4e66-9a65-3871b0aafe80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37440", "type": "seen", "source": "https://t.me/cibsecurity/26460", "content": "\u203c CVE-2021-37440 \u203c\n\nNCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:32.000000Z"}, {"uuid": "92d2baff-e1a2-43d1-8594-889a75fe5f66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37445", "type": "seen", "source": "https://t.me/cibsecurity/26459", "content": "\u203c CVE-2021-37445 \u203c\n\nIn NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:31.000000Z"}, {"uuid": "325e0046-5b31-443e-ae7b-b991563aebfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37442", "type": "seen", "source": "https://t.me/cibsecurity/26458", "content": "\u203c CVE-2021-37442 \u203c\n\nNCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:30.000000Z"}, {"uuid": "6dbb7f28-3b4c-4886-af6a-7b42228ef03c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37441", "type": "seen", "source": "https://t.me/cibsecurity/26457", "content": "\u203c CVE-2021-37441 \u203c\n\nNCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:29.000000Z"}, {"uuid": "5aaf1438-a863-4928-9578-b54143ac4d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37444", "type": "seen", "source": "https://t.me/cibsecurity/26466", "content": "\u203c CVE-2021-37444 \u203c\n\nNCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T02:40:43.000000Z"}]}