{"vulnerability": "CVE-2021-4339", "sightings": [{"uuid": "fc6ff95c-8b3e-4f92-9fdb-b7f8d405d5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43396", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3lupieul7sl2v", "content": "", "creation_timestamp": "2025-07-24T12:01:25.596742Z"}, {"uuid": "50924ac1-b066-4577-95fc-7fbeef6e740c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43396", "type": "seen", "source": "https://t.me/cibsecurity/31858", "content": "\u203c CVE-2021-43396 \u203c\n\nIn iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-04T23:25:40.000000Z"}, {"uuid": "6410457f-169b-40eb-8444-528256305863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43395", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11654", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43395\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T16:10:08.182Z\n\ud83d\udd17 References:\n1. https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c\n2. https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c\n3. https://www.oracle.com/security-alerts/cpujan2022.html\n4. http://www.tribblix.org/relnotes.html\n5. https://jgardner100.wordpress.com/2022/01/20/security-heads-up/\n6. https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424\n7. https://www.illumos.org/issues/14424\n8. https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90\n9. https://kebe.com/blog/?p=505", "creation_timestamp": "2025-04-14T16:53:53.000000Z"}, {"uuid": "2ad6bdd9-901a-4aa6-bf91-cc77638c7c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43399", "type": "seen", "source": "https://t.me/cibsecurity/33633", "content": "\u203c CVE-2021-43399 \u203c\n\nThe Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T22:22:53.000000Z"}, {"uuid": "d26cf5d9-2373-41f4-b0a0-a05343f373e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43390", "type": "seen", "source": "https://t.me/cibsecurity/32391", "content": "\u203c CVE-2021-43390 \u203c\n\nAn Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-15T00:11:47.000000Z"}, {"uuid": "0faf9660-4a78-4001-bad7-22bc39654c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43391", "type": "seen", "source": "https://t.me/cibsecurity/32382", "content": "\u203c CVE-2021-43391 \u203c\n\nAn Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-15T00:11:33.000000Z"}, {"uuid": "11acd65a-47d0-4f4a-9150-234d957def61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43393", "type": "seen", "source": "https://t.me/cibsecurity/38417", "content": "\u203c CVE-2021-43393 \u203c\n\nSTMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T16:26:58.000000Z"}, {"uuid": "41a5035c-b58f-4219-9d27-c69a9af0961e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43392", "type": "seen", "source": "https://t.me/cibsecurity/38413", "content": "\u203c CVE-2021-43392 \u203c\n\nSTMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T16:26:52.000000Z"}, {"uuid": "f2d76460-6f99-4eae-9266-c6ff4afac65c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43394", "type": "seen", "source": "https://t.me/cibsecurity/36173", "content": "\u203c CVE-2021-43394 \u203c\n\nUnisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-25T00:17:46.000000Z"}, {"uuid": "3eceee5d-78e2-438d-8a0e-3475909cdee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43398", "type": "seen", "source": "https://t.me/cibsecurity/31855", "content": "\u203c CVE-2021-43398 \u203c\n\nCrypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-04T23:25:35.000000Z"}]}