Vulnerabilities (CVE)

Filtered by CWE-755
Total 496 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34643 1 Riscv 1 Spike Risc-v Isa Simulator 2024-11-21 N/A 5.5 MEDIUM
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory.
CVE-2022-34641 2 Boom-core, Openhwgroup 2 Riscvc-boom, Cva6 2024-11-21 N/A 5.5 MEDIUM
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation.
CVE-2022-34639 1 Openhwgroup 1 Cva6 2024-11-21 N/A 5.5 MEDIUM
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application.
CVE-2022-34637 1 Openhwgroup 1 Cva6 2024-11-21 N/A 5.5 MEDIUM
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded.
CVE-2022-34636 1 Openhwgroup 1 Cva6 2024-11-21 N/A 5.5 MEDIUM
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address translation.
CVE-2022-34634 1 Openhwgroup 1 Cva6 2024-11-21 N/A 5.5 MEDIUM
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception.
CVE-2022-34633 1 Openhwgroup 1 Cva6 2024-11-21 N/A 5.5 MEDIUM
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather create an exception.
CVE-2022-34368 1 Dell 1 Emc Networker 2024-11-21 N/A 6.1 MEDIUM
Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.
CVE-2022-33887 1 Autodesk 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more 2024-11-21 N/A 7.8 HIGH
A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
CVE-2022-33886 1 Autodesk 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more 2024-11-21 N/A 7.8 HIGH
A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
CVE-2022-33748 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 N/A 5.6 MEDIUM
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.
CVE-2022-32990 1 Gimp 1 Gimp 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
CVE-2022-32659 2 Mediatek, Thelinuxfoundation 25 Mt7603, Mt7603 Firmware, Mt7613 and 22 more 2024-11-21 N/A 6.7 MEDIUM
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066.
CVE-2022-32658 1 Mediatek 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more 2024-11-21 N/A 6.7 MEDIUM
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059.
CVE-2022-32657 1 Mediatek 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more 2024-11-21 N/A 6.7 MEDIUM
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042.
CVE-2022-32655 1 Mediatek 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more 2024-11-21 N/A 6.7 MEDIUM
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.
CVE-2022-32264 1 Freebsd 1 Freebsd 2024-11-21 N/A 7.5 HIGH
sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2022-31799 3 Bottlepy, Debian, Fedoraproject 3 Bottle, Debian Linux, Fedora 2024-11-21 7.5 HIGH 9.8 CRITICAL
Bottle before 0.12.20 mishandles errors during early request binding.
CVE-2022-31152 1 Matrix 1 Synapse 2024-11-21 N/A 6.4 MEDIUM
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.
CVE-2022-30727 1 Google 1 Android 2024-11-21 2.1 LOW 6.2 MEDIUM
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.