Latest CVE Feed
-
7.8
HIGHCVE-2021-28792
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.pa... Read more
Affected Products : swift_development_environment- EPSS Score: %2.78
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28791
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the w... Read more
Affected Products : swiftformat- EPSS Score: %2.70
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28790
The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the works... Read more
Affected Products : swiftlint- EPSS Score: %2.78
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28789
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon... Read more
Affected Products : apple-swift-format- EPSS Score: %2.78
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28714
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kern... Read more
- EPSS Score: %0.02
- Published: Jan. 06, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28713
Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivil... Read more
- EPSS Score: %0.05
- Published: Jan. 05, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28712
Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivil... Read more
- EPSS Score: %0.05
- Published: Jan. 05, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28711
Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivil... Read more
- EPSS Score: %0.05
- Published: Jan. 05, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-28710
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs... Read more
- EPSS Score: %0.13
- Published: Nov. 21, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28709
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to... Read more
- EPSS Score: %0.09
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-28708
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for... Read more
- EPSS Score: %0.09
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-28707
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for... Read more
- EPSS Score: %0.09
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-28706
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation ... Read more
- EPSS Score: %0.16
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28705
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to... Read more
- EPSS Score: %0.12
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-28704
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for... Read more
- EPSS Score: %0.09
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2021-28703
grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2... Read more
Affected Products : xen- EPSS Score: %0.11
- Published: Dec. 07, 2021
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2021-28702
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. I... Read more
- EPSS Score: %0.09
- Published: Oct. 06, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28701
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-... Read more
- EPSS Score: %0.06
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-28700
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an... Read more
- EPSS Score: %2.13
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28699
inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresse... Read more
- EPSS Score: %0.07
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024