High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-21	CVE-2022-38065	Improper Privilege Management vulnerability in Redhat Openstack A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. network low complexity redhat CWE-269	8.8
2022-03-04	CVE-2021-3656	Missing Authorization vulnerability in multiple products A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. local low complexity linux fedoraproject redhat CWE-862	8.8
2022-02-18	CVE-2020-25717	Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. network low complexity samba debian fedoraproject redhat canonical CWE-20	8.1
2021-05-06	CVE-2021-31918	Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack 16.1 A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. network low complexity redhat CWE-732	7.5
2021-03-18	CVE-2020-27827	Resource Exhaustion vulnerability in multiple products A flaw was found in multiple versions of OpenvSwitch. network low complexity lldpd-project openvswitch redhat fedoraproject siemens CWE-400	7.5
2020-08-07	CVE-2020-9490	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. network low complexity apache oracle opensuse debian fedoraproject canonical redhat CWE-444	7.5
2020-03-24	CVE-2020-10684	Missing Authorization vulnerability in multiple products A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. local low complexity redhat debian fedoraproject CWE-862	7.1
2020-02-08	CVE-2015-5741	HTTP Request Smuggling vulnerability in multiple products The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. network low complexity golang redhat CWE-444	7.5
2019-12-26	CVE-2019-16789	HTTP Request Smuggling vulnerability in multiple products In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. network low complexity agendaless oracle debian fedoraproject redhat CWE-444	8.2
2019-12-20	CVE-2019-16786	HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. network low complexity agendaless oracle debian fedoraproject redhat CWE-444	7.5