{"vulnerability": "CVE-2021-4357", "sightings": [{"uuid": "ca272b53-bbd7-4913-b9fd-77895e6ea5d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43579", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lz2qayqpvb2s", "content": "", "creation_timestamp": "2025-09-17T21:02:36.759970Z"}, {"uuid": "63d8cd35-c2ec-4e89-8ec8-84693bf08050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43578", "type": "seen", "source": "https://t.me/cibsecurity/32296", "content": "\u203c CVE-2021-43578 \u203c\n\nJenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T14:38:49.000000Z"}, {"uuid": "1395f519-6085-4611-a3e9-edc3c52c67c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43576", "type": "seen", "source": "https://t.me/cibsecurity/32295", "content": "\u203c CVE-2021-43576 \u203c\n\nJenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T14:38:47.000000Z"}, {"uuid": "3da13a32-1d30-4d0e-983b-38a9bb749b5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43572", "type": "seen", "source": "https://t.me/cibsecurity/32123", "content": "\u203c CVE-2021-43572 \u203c\n\nThe verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T00:35:24.000000Z"}, {"uuid": "33a86050-ca36-4f46-8fb9-5fa7fe680b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43570", "type": "seen", "source": "https://t.me/cibsecurity/32122", "content": "\u203c CVE-2021-43570 \u203c\n\nThe verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T00:35:23.000000Z"}, {"uuid": "2efdfc33-4a45-4c1c-a4e7-12dfe9d3cf4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43577", "type": "seen", "source": "https://t.me/cibsecurity/32299", "content": "\u203c CVE-2021-43577 \u203c\n\nJenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T14:38:53.000000Z"}, {"uuid": "80b57858-03a1-44ca-9aee-156f53b4858e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43574", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-43574.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "1b4e3ac1-7ed3-41b6-8fff-54b8d4cc6b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43575", "type": "seen", "source": "https://t.me/cibsecurity/32128", "content": "\u203c CVE-2021-43575 \u203c\n\n** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T02:35:27.000000Z"}, {"uuid": "0615a454-8db6-46c9-8e18-ad40a4298fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43571", "type": "seen", "source": "https://t.me/cibsecurity/32125", "content": "\u203c CVE-2021-43571 \u203c\n\nThe verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T00:35:26.000000Z"}]}