Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34640 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect. | |||||
| CVE-2022-34632 | 1 Linuxfoundation | 1 Rocket Chip Generator | 2022-07-26 | N/A | 9.1 CRITICAL |
| Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. | |||||
| CVE-2022-34642 | 1 Riscv | 1 Spike Risc-v Isa Simulator | 2022-07-26 | N/A | 5.5 MEDIUM |
| The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 contains the incorrect mask which can cause a Denial of Service (DoS). | |||||
| CVE-2022-34639 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. | |||||
| CVE-2022-34643 | 1 Riscv | 1 Spike Risc-v Isa Simulator | 2022-07-26 | N/A | 5.5 MEDIUM |
| RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory. | |||||
| CVE-2022-34637 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded. | |||||
| CVE-2022-34633 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather create an exception. | |||||
| CVE-2022-34634 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception. | |||||
| CVE-2022-34641 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation. | |||||
| CVE-2022-34635 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 9.8 CRITICAL |
| The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty. | |||||
| CVE-2022-34636 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address translation. | |||||
| CVE-2022-21559 | 1 Oracle | 1 Commerce Platform | 2022-07-26 | N/A | 5.5 MEDIUM |
| Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Commerce Platform executes to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-21561 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2022-07-26 | N/A | 6.5 MEDIUM |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-34537 | 1 Dw | 2 Megapix, Megapix Firmware | 2022-07-26 | N/A | 5.4 MEDIUM |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi. | |||||
| CVE-2022-21562 | 1 Oracle | 1 Soa Suite | 2022-07-26 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Fabric Layer). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2022-34539 | 1 Dw | 2 Megapix, Megapix Firmware | 2022-07-26 | N/A | 8.8 HIGH |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. This vulnerability is exploitable via a crafted POST request. | |||||
| CVE-2022-34538 | 1 Dw | 2 Megapix, Megapix Firmware | 2022-07-26 | N/A | 8.8 HIGH |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST request. | |||||
| CVE-2022-34540 | 1 Dw | 2 Megapix, Megapix Firmware | 2022-07-26 | N/A | 8.8 HIGH |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. This vulnerability is exploitable via a crafted POST request. | |||||
| CVE-2022-34599 | 1 H3c | 2 Magic R200, Magic R200 Firmware | 2022-07-26 | N/A | 9.8 CRITICAL |
| H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. | |||||
| CVE-2022-34601 | 1 H3c | 2 Magic R200, Magic R200 Firmware | 2022-07-26 | N/A | 9.8 CRITICAL |
| H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. | |||||