Vulnerabilities > Redhat > Enterprise Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-29 | CVE-2022-0984 | Incorrect Authorization vulnerability in multiple products: Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | 4.0 |
2022-04-18 | CVE-2021-42778 | Double Free vulnerability in multiple products: A heap double free issue was found in OpenSC before version 0.22.0 in sc_pkcs15_free_tokeninfo. | 5.3 |
2022-04-18 | CVE-2021-42779 | Use After Free vulnerability in multiple products: A heap use after free issue was found in OpenSC before version 0.22.0 in sc_file_valid. | 5.3 |
2022-04-18 | CVE-2021-42780 | Unchecked Return Value vulnerability in multiple products: A use after return issue was found in OpenSC before version 0.22.0 in the insert_pin function that could potentially crash programs using the library. | 5.3 |
2022-04-18 | CVE-2021-42781 | Out-of-bounds Write vulnerability in multiple products: Heap buffer overflow issues were found in OpenSC before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. | 5.3 |
2022-04-04 | CVE-2022-27651 | Incorrect Default Permissions vulnerability in multiple products: A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. | 6.8 |
2022-03-25 | CVE-2021-3941 | Divide By Zero vulnerability in multiple products: In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. | 6.5 |
2022-03-23 | CVE-2022-0996 | Improper Authentication vulnerability in multiple products: A vulnerability was found in the 389 Directory Server that allows expired passwords to be used to access the database, resulting in improper authentication. | 6.5 |
2022-03-16 | CVE-2021-20257 | Infinite Loop vulnerability in multiple products: An infinite loop flaw was found in the e1000 NIC emulator of QEMU. | 6.5 |
2022-03-10 | CVE-2021-3660 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products: Cockpit (and its plugins) do not seem to protect themselves against clickjacking. | 4.3 |