| 2022-01-06 | CVE-2021-28715 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. | 6.5 |
| 2022-01-06 | CVE-2022-22707 | Out-of-bounds Write vulnerability in multiple products
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. | 5.9 |
| 2022-01-06 | CVE-2021-46144 | Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | 6.1 |
| 2022-01-06 | CVE-2021-46141 | Use After Free vulnerability in multiple products
An issue was discovered in uriparser before 0.9.6. | 5.5 |
| 2022-01-06 | CVE-2021-46142 | Use After Free vulnerability in multiple products
An issue was discovered in uriparser before 0.9.6. | 5.5 |
| 2022-01-05 | CVE-2021-28711 | Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". | 6.5 |
| 2022-01-05 | CVE-2021-28712 | Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". | 6.5 |
| 2022-01-05 | CVE-2021-28713 | Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". | 6.5 |
| 2022-01-01 | CVE-2021-44717 | Improper Resource Shutdown or Release vulnerability in multiple products
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | 4.8 |
| 2022-01-01 | CVE-2021-45930 | Out-of-bounds Write vulnerability in multiple products
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). | 5.5 |