{"vulnerability": "cve-2022-2332", "sightings": [{"uuid": "3f381251-ad4e-4697-933b-c9754aeddaf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23328", "type": "seen", "source": "https://t.me/cibsecurity/38408", "content": "\u203c CVE-2022-23328 \u203c\n\nA design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T14:26:51.000000Z"}, {"uuid": "e9c1e11d-5493-4c76-a97b-5e2e3edb547a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23327", "type": "seen", "source": "https://t.me/cibsecurity/38406", "content": "\u203c CVE-2022-23327 \u203c\n\nA design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T14:26:49.000000Z"}, {"uuid": "1bbd1c96-3bf0-4502-a19c-3b16f0f0762f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23321", "type": "seen", "source": "https://t.me/cibsecurity/37253", "content": "\u203c CVE-2022-23321 \u203c\n\nA persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T22:14:06.000000Z"}, {"uuid": "6b85a73a-d127-4b88-a2e8-7398b1f1d11b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23329", "type": "seen", "source": "https://t.me/cibsecurity/36885", "content": "\u203c CVE-2022-23329 \u203c\n\nA vulnerability in ${\"freemarker.template.utility.Execute\"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T00:31:13.000000Z"}, {"uuid": "d100393b-644b-4d39-89e4-3192b141eaf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23320", "type": "seen", "source": "https://t.me/cibsecurity/36930", "content": "\u203c CVE-2022-23320 \u203c\n\nXMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T14:34:59.000000Z"}]}