{"vulnerability": "CVE-2022-4343", "sightings": [{"uuid": "cb5dd91a-2b80-499a-8893-ebbd3d0c0d52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43437", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11293", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43437\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Download function\u2019s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database.\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T16:46:55.622Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html", "creation_timestamp": "2025-04-10T17:49:16.000000Z"}, {"uuid": "12176e6b-f533-4578-a0cc-b0bcb1b8db4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4343", "type": "seen", "source": "https://t.me/cibsecurity/69637", "content": "\u203c CVE-2022-4343 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T14:14:06.000000Z"}, {"uuid": "78179d7e-235f-481f-ab8c-26a37a9f2a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43436", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11292", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43436\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service.\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T16:47:43.259Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-6828-1e5e4-1.html", "creation_timestamp": "2025-04-10T17:49:12.000000Z"}, {"uuid": "00ca8ac4-04e5-40b1-a96b-8864b95a2632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43439", "type": "seen", "source": "https://t.me/cibsecurity/52625", "content": "\u203c CVE-2022-43439 \u203c\n\nA vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T14:35:14.000000Z"}, {"uuid": "fd29fa33-d17f-4f8d-b743-9172460dfb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43430", "type": "seen", "source": "https://t.me/cibsecurity/51803", "content": "\u203c CVE-2022-43430 \u203c\n\nJenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T20:15:27.000000Z"}, {"uuid": "f6a08659-58d5-485e-90e1-8dc18498b415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43435", "type": "seen", "source": "https://t.me/cibsecurity/51801", "content": "\u203c CVE-2022-43435 \u203c\n\nJenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T20:15:25.000000Z"}, {"uuid": "6a53c16d-eff7-4710-83da-6c26de85359f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43434", "type": "seen", "source": "https://t.me/cibsecurity/51800", "content": "\u203c CVE-2022-43434 \u203c\n\nJenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T20:15:23.000000Z"}, {"uuid": "5cd74819-e77e-47ff-8b0a-04bdfe35e11c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43433", "type": "seen", "source": "https://t.me/cibsecurity/51796", "content": "\u203c CVE-2022-43433 \u203c\n\nJenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T20:15:19.000000Z"}]}