CVE List 2022/4xxx

CVEs in group: 4xxx

CVE-2022-4042 (N/A)

CVE-2022-4043 (Paytium < 4.3.7 - Admin+ Stored XSS)

CVE-2022-4044 (WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection)

CVE-2022-4045 (Authenticated user could send multiple requests containing a large Auto Responder Message payload and can crash a Mattermost server)

CVE-2022-4046 (Authenticated user could send multiple requests containing a parameter which could fetch a large amount of data and can crash a Mattermost server)

CVE-2022-4047 (CODESYS: Improper memory restrictions for CODESYS Control)

CVE-2022-4048 (Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload)

CVE-2022-4049 (CODESYS V3 prone to Inadequate Encryption Strength)

CVE-2022-4050 (WP User <= 7.0 - Unauthenticated SQLi)

CVE-2022-4051 (JoomSport < 5.2.8 - Unauthenticated SQLi)

CVE-2022-4052 (Hostel Searching Project view-property.php sql injection)

CVE-2022-4053 (Student Attendance Management System createClass.php sql injection)

CVE-2022-4054 (Student Attendance Management System createClass.php cross site scripting)

CVE-2022-4055 (N/A)

CVE-2022-4057 (N/A)

CVE-2022-4058 (Autoptimize < 3.1.0 - Sensitive Data Disclosure)

CVE-2022-4059 (Photo Gallery < 1.8.3 - Stored XSS via CSRF)

CVE-2022-4060 (Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi)

CVE-2022-4061 (User Post Gallery <= 2.19 - Unauthenticated RCE)

CVE-2022-4062 (JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload)

CVE-2022-4063 (N/A)

CVE-2022-4064 (InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE)

CVE-2022-4065 (Dalli Meta Protocol request_formatter.rb self.meta_set injection)

CVE-2022-4066 (cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar path traversal)

CVE-2022-4067 (davidmoreno onion Log response.c onion_response_flush allocation of resources)

CVE-2022-4068 (Cross-site Scripting (XSS) – Stored in librenms/librenms)

CVE-2022-4069 (Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms)

CVE-2022-4070 (Cross-site Scripting (XSS) – Generic in librenms/librenms)

CVE-2022-4071 (Insufficient Session Expiration in librenms/librenms)

CVE-2022-4072 (N/A)

CVE-2022-4073 (N/A)

CVE-2022-4074 (N/A)

CVE-2022-4075 (N/A)

CVE-2022-4076 (N/A)

CVE-2022-4077 (N/A)

CVE-2022-4078 (N/A)

CVE-2022-4079 (N/A)

CVE-2022-4080 (N/A)

CVE-2022-4081 (N/A)

CVE-2022-4082 (N/A)

CVE-2022-4083 (N/A)

CVE-2022-4084 (N/A)

CVE-2022-4085 (N/A)

CVE-2022-4086 (N/A)

CVE-2022-4087 (N/A)

CVE-2022-4088 (iPXE TLS tls.c tls_new_ciphertext information exposure)

CVE-2022-4089 (rickxy Stock Management System processlogin.php sql injection)

CVE-2022-4090 (rickxy Stock Management System processlogin.php cross site scripting)

CVE-2022-4091 (rickxy Stock Management System cross-site request forgery)

CVE-2022-4092 (SourceCodester Canteen Management System food.php query cross site scripting)

CVE-2022-4093 (N/A)

CVE-2022-4095 (SQL Injection in dolibarr/dolibarr)

CVE-2022-4096 (N/A)

CVE-2022-4097 (Server-Side Request Forgery (SSRF) in appsmithorg/appsmith)

CVE-2022-4098 (All In One WP Security & Firewall < 5.0.8 - IP Spoofing)

CVE-2022-4099 (Wiesemann & Theis: Multiple products prone to missing authentication through spoofing)

CVE-2022-4100 (Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi)

CVE-2022-4101 (WP Cerber Security <= 9.4 - IP Protection Bypass)

CVE-2022-4102 (Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion)

CVE-2022-4103 (Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion)