High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-29	CVE-2022-1227	Improper Privilege Management vulnerability in multiple products A privilege escalation flaw was found in Podman. network low complexity podman-project psgo-project redhat fedoraproject CWE-269	8.8
2022-04-29	CVE-2022-1353	A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. local low complexity linux debian redhat netapp	7.1
2022-04-27	CVE-2021-3523	Improper Preservation of Permissions vulnerability in Redhat Apicast 2.0.0 A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. network low complexity redhat CWE-281	7.5
2022-04-14	CVE-2022-1304	An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. local low complexity e2fsprogs-project redhat fedoraproject	7.8
2022-04-11	CVE-2021-4047	Unspecified vulnerability in Redhat Openshift 4.9 The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. network low complexity redhat	7.5
2022-04-08	CVE-2022-28796	Race Condition vulnerability in multiple products jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. local high complexity linux redhat fedoraproject netapp CWE-362	7.0
2022-04-04	CVE-2022-27649	Incorrect Default Permissions vulnerability in multiple products A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. network high complexity podman-project redhat fedoraproject CWE-276	7.5
2022-04-04	CVE-2022-27650	Incorrect Default Permissions vulnerability in multiple products A flaw was found in crun where containers were incorrectly started with non-empty default permissions. network high complexity crun-project fedoraproject redhat CWE-276	7.5
2022-04-01	CVE-2019-14839	Information Exposure vulnerability in Redhat products It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. network low complexity redhat CWE-200	7.5
2022-04-01	CVE-2021-3461	Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. local low complexity redhat CWE-613	7.1