Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-29	CVE-2022-0984	Incorrect Authorization vulnerability in multiple products Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. network low complexity moodle fedoraproject redhat CWE-863	4.0
2022-04-18	CVE-2021-42778	Double Free vulnerability in multiple products A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. network low complexity opensc-project fedoraproject redhat CWE-415	5.3
2022-04-18	CVE-2021-42779	Use After Free vulnerability in multiple products A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. network low complexity opensc-project fedoraproject redhat CWE-416	5.3
2022-04-18	CVE-2021-42780	Unchecked Return Value vulnerability in multiple products A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. network low complexity opensc-project fedoraproject redhat CWE-252	5.3
2022-04-18	CVE-2021-42781	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. network low complexity opensc-project fedoraproject redhat CWE-787	5.3
2022-04-04	CVE-2022-27651	Incorrect Default Permissions vulnerability in multiple products A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. network high complexity buildah-project fedoraproject redhat CWE-276	6.8
2022-03-25	CVE-2021-3941	Divide By Zero vulnerability in multiple products In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. local low complexity openexr redhat fedoraproject debian CWE-369	6.5
2022-03-23	CVE-2022-0996	Improper Authentication vulnerability in multiple products A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. network low complexity redhat fedoraproject CWE-287	6.5
2022-03-16	CVE-2021-20257	Infinite Loop vulnerability in multiple products An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. local low complexity qemu fedoraproject redhat debian CWE-835	6.5
2022-03-10	CVE-2021-3660	Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Cockpit (and its plugins) do not seem to protect itself against clickjacking. network low complexity cockpit-project redhat CWE-1021	4.3