Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-25	CVE-2021-3933	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. local low complexity openexr fedoraproject debian CWE-190	5.5
2022-03-25	CVE-2021-3941	Divide By Zero vulnerability in multiple products In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. local low complexity openexr redhat fedoraproject debian CWE-369	6.5
2022-03-25	CVE-2022-0494	Use of Uninitialized Resource vulnerability in multiple products A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. local low complexity linux debian CWE-908	4.4
2022-03-24	CVE-2022-24769	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Moby is an open-source project created by Docker to enable and accelerate software containerization. local low complexity mobyproject fedoraproject linuxfoundation debian CWE-732	5.9
2022-03-23	CVE-2021-4149	Improper Locking vulnerability in multiple products A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. local low complexity linux debian CWE-667	5.5
2022-03-23	CVE-2022-0854	Memory Leak vulnerability in multiple products A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. local low complexity linux debian CWE-401	5.5
2022-03-17	CVE-2022-24302	Race Condition vulnerability in multiple products In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. network high complexity paramiko debian fedoraproject CWE-362	5.9
2022-03-17	CVE-2022-24761	HTTP Request Smuggling vulnerability in multiple products Waitress is a Web Server Gateway Interface server for Python 2 and 3. network low complexity agendaless debian CWE-444	5.0
2022-03-16	CVE-2021-20257	Infinite Loop vulnerability in multiple products An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. local low complexity qemu fedoraproject redhat debian CWE-835	6.5
2022-03-13	CVE-2022-23960	Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. local high complexity xen arm debian	5.6