Vulnerabilities (CVE)

Filtered by CWE-284
Total 4404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43679 1 Owncloud 1 Owncloud 2026-06-17 N/A 4.2 MEDIUM
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
CVE-2022-43429 1 Jenkins 2 Compuware Topaz For Total Test, Jenkins 2026-06-17 N/A 7.5 HIGH
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
CVE-2022-43110 2026-06-17 N/A 9.8 CRITICAL
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.
CVE-2022-42865 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-06-17 N/A 5.5 MEDIUM
This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences.
CVE-2022-42862 1 Apple 3 Ipados, Iphone Os, Macos 2026-06-17 N/A 5.5 MEDIUM
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences.
CVE-2022-42861 1 Apple 3 Ipados, Iphone Os, Macos 2026-06-17 N/A 8.8 HIGH
This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.
CVE-2022-42859 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2026-06-17 N/A 5.5 MEDIUM
Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences.
CVE-2022-42853 1 Apple 1 Macos 2026-06-17 N/A 5.5 MEDIUM
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system.
CVE-2022-42816 1 Apple 1 Macos 2026-06-17 N/A 5.5 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
CVE-2022-42814 1 Apple 1 Macos 2026-06-17 N/A 5.5 MEDIUM
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
CVE-2022-42811 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-06-17 N/A 5.5 MEDIUM
An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.
CVE-2022-42717 2 Hashicorp, Linux 2 Vagrant, Linux Kernel 2026-06-17 N/A 7.8 HIGH
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
CVE-2022-42707 1 Mahara 1 Mahara 2026-06-17 N/A 7.5 HIGH
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
CVE-2022-42327 2 Fedoraproject, Xen 2 Fedora, Xen 2026-06-17 N/A 7.1 HIGH
x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.
CVE-2022-42126 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-06-17 N/A 4.3 MEDIUM
The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
CVE-2022-41654 1 Ghost 1 Ghost 2026-06-17 N/A 4.3 MEDIUM
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-41652 1 Expresstech 1 Quiz And Survey Master 2026-06-17 N/A 6.5 MEDIUM
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2022-41324 2026-06-17 N/A 6.5 MEDIUM
Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information.
CVE-2022-41235 1 Jenkins 1 Wildfly Deployer 2026-06-17 N/A 5.3 MEDIUM
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
CVE-2022-41155 1 Webence 1 Iq Block Country 2026-06-17 N/A 5.3 MEDIUM
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.