4 matches found
CVE-2026-29648
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...
CVE-2026-29647
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...
CVE-2026-29648
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...
PT-2024-27926 · R Hub · R-Hub Turbomeeting
Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions prior to 9.x Description: A command-injection issue in the Certificate Signing Request CSR functionality allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying...