{"vulnerability": "cve-2021-3986", "sightings": [{"uuid": "ecb326de-be6d-41cc-86d4-4dbe05552a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3986", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113486656753282870", "content": "", "creation_timestamp": "2024-11-15T11:09:17.201698Z"}, {"uuid": "08e9e8af-cf53-4937-9b3f-67bce5751118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39868", "type": "seen", "source": "https://t.me/cibsecurity/29904", "content": "\u203c CVE-2021-39868 \u203c\n\nIn all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T20:23:56.000000Z"}, {"uuid": "ce7e8ca4-b680-4c30-862d-52ef02028015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3986", "type": "seen", "source": "https://t.me/cvedetector/11069", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2021-3986 - \"Calibre Web Information Disclosure\"\", \n  \"Content\": \"CVE ID : CVE-2021-3986 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:48.000000Z"}, {"uuid": "40a4a717-68db-4522-841b-78f01dacf26e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39864", "type": "seen", "source": "https://t.me/cibsecurity/30630", "content": "\u203c CVE-2021-39864 \u203c\n\nAdobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T18:28:41.000000Z"}, {"uuid": "93212167-7812-4352-a2b5-0c929edd20d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39869", "type": "seen", "source": "https://t.me/cibsecurity/29966", "content": "\u203c CVE-2021-39869 \u203c\n\nIn all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T16:30:37.000000Z"}, {"uuid": "2e3ba1df-d79d-4abe-8e0f-7b07c100d4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39866", "type": "seen", "source": "https://t.me/cibsecurity/29969", "content": "\u203c CVE-2021-39866 \u203c\n\nA business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T16:30:40.000000Z"}, {"uuid": "51d536af-fde9-4af3-8859-16fbe2f9aaad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39867", "type": "seen", "source": "https://t.me/cibsecurity/29955", "content": "\u203c CVE-2021-39867 \u203c\n\nIn all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T16:30:25.000000Z"}, {"uuid": "2a685d5c-6ff4-4d68-bf69-622d19464aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39863", "type": "seen", "source": "https://t.me/cibsecurity/29662", "content": "\u203c CVE-2021-39863 \u203c\n\nAcrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T20:37:16.000000Z"}, {"uuid": "ed112f3a-412c-4e30-8faa-9f80348daff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39862", "type": "seen", "source": "https://t.me/cibsecurity/29657", "content": "\u203c CVE-2021-39862 \u203c\n\nAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T20:37:08.000000Z"}, {"uuid": "a4dd45d7-abbb-43d9-adc3-c52cca5ee2e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39865", "type": "seen", "source": "https://t.me/cibsecurity/29656", "content": "\u203c CVE-2021-39865 \u203c\n\nAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T20:37:07.000000Z"}, {"uuid": "414830be-6cc4-46b6-abf7-4201a8f53b25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39863", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4451", "content": "#exploit\n#Analytics\n#Threat_Research\nAnalysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC (CVE-2021-39863)\nhttps://blog.exodusintel.com/2021/10/04/analysis-of-a-heap-buffer-overflow-vulnerability-in-adobe-acrobat-reader-dc-2", "creation_timestamp": "2022-05-28T05:21:52.000000Z"}]}