| 2022-01-05 | CVE-2021-28711 | Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". | 6.5 |
| 2022-01-05 | CVE-2021-28712 | Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". | 6.5 |
| 2022-01-05 | CVE-2021-28713 | Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". | 6.5 |
| 2022-01-01 | CVE-2021-44717 | Improper Resource Shutdown or Release vulnerability in multiple products
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | 4.8 |
| 2022-01-01 | CVE-2021-45930 | Out-of-bounds Write vulnerability in multiple products
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). | 5.5 |
| 2022-01-01 | CVE-2021-45942 | Out-of-bounds Write vulnerability in multiple products
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). | 5.5 |
| 2022-01-01 | CVE-2021-45943 | Out-of-bounds Write vulnerability in multiple products
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | 5.5 |
| 2022-01-01 | CVE-2021-45944 | Use After Free vulnerability in multiple products
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | 5.5 |
| 2022-01-01 | CVE-2021-45949 | Out-of-bounds Write vulnerability in multiple products
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | 5.5 |
| 2022-01-01 | CVE-2021-45958 | Out-of-bounds Write vulnerability in multiple products
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). | 5.5 |