2021-12-02 | CVE-2021-44227 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | 8.8 |
2021-12-01 | CVE-2021-3984 | Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
2021-12-01 | CVE-2021-4019 | Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
2021-11-29 | CVE-2019-8922 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. | 8.8 |
2021-11-24 | CVE-2021-28705 | Improper Handling of Exceptional Conditions vulnerability in multiple products issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 7.8 |
2021-11-24 | CVE-2021-28709 | Improper Handling of Exceptional Conditions vulnerability in multiple products issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 7.8 |
2021-11-24 | CVE-2021-28704 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 8.8 |
2021-11-24 | CVE-2021-28706 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. | 8.6 |
2021-11-24 | CVE-2021-28707 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 8.8 |
2021-11-24 | CVE-2021-28708 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 8.8 |