{"vulnerability": "CVE-2021-4197", "sightings": [{"uuid": "65d3f970-ae41-4100-a8bd-29d0c017be8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41973", "type": "seen", "source": "https://t.me/cibsecurity/31536", "content": "\u203c CVE-2021-41973 \u203c\n\nIn Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T11:21:20.000000Z"}, {"uuid": "4e630a96-2944-46bd-a489-d66d0d0572f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41972", "type": "seen", "source": "https://t.me/cibsecurity/32328", "content": "\u203c CVE-2021-41972 \u203c\n\nApache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T22:39:09.000000Z"}, {"uuid": "fe0e2966-d373-4605-bec9-a131f09c7ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41976", "type": "seen", "source": "https://t.me/cibsecurity/30263", "content": "\u203c CVE-2021-41976 \u203c\n\nTad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T20:40:31.000000Z"}, {"uuid": "d6f7574e-9297-4a0c-bda3-6555aed64767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41971", "type": "seen", "source": "https://t.me/cibsecurity/30715", "content": "\u203c CVE-2021-41971 \u203c\n\nApache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T18:32:20.000000Z"}, {"uuid": "2bb63ea8-6aa0-4054-9a04-29f26265e485", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41975", "type": "seen", "source": "https://t.me/cibsecurity/30256", "content": "\u203c CVE-2021-41975 \u203c\n\nTadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T20:40:23.000000Z"}, {"uuid": "a8e8a3c8-2e50-4017-8258-2d207e2744a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41974", "type": "seen", "source": "https://t.me/cibsecurity/30271", "content": "\u203c CVE-2021-41974 \u203c\n\nTad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T20:40:40.000000Z"}]}