{"vulnerability": "CVE-2021-4398", "sightings": [{"uuid": "147ad42b-0ee3-482a-9eae-2b0dc3693806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43980", "type": "seen", "source": "https://t.me/cibsecurity/50597", "content": "\u203c CVE-2021-43980 \u203c\n\nThe simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T20:07:49.000000Z"}, {"uuid": "7979c906-7f86-44f7-854b-8e0ef9deb414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43986", "type": "seen", "source": "https://t.me/cibsecurity/41178", "content": "\u203c CVE-2021-43986 \u203c\n\nThe setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T20:25:46.000000Z"}, {"uuid": "6275b118-fe38-412b-b701-0a082806b430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43988", "type": "seen", "source": "https://t.me/cibsecurity/41183", "content": "\u203c CVE-2021-43988 \u203c\n\nThe affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T22:17:45.000000Z"}, {"uuid": "77f7d25f-cd87-4e14-a105-45e14523cf20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43984", "type": "seen", "source": "https://t.me/cibsecurity/34580", "content": "\u203c CVE-2021-43984 \u203c\n\nmySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-23T22:19:32.000000Z"}, {"uuid": "2dec9c3a-3cab-4d83-a858-9904ae77b0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43989", "type": "seen", "source": "https://t.me/cibsecurity/34592", "content": "\u203c CVE-2021-43989 \u203c\n\nmySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-23T22:19:48.000000Z"}, {"uuid": "6955ffe2-fd2a-4d2e-8879-95ab3c1a5585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43983", "type": "seen", "source": "https://t.me/cibsecurity/33847", "content": "\u203c CVE-2021-43983 \u203c\n\nWECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:16.000000Z"}]}