High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-27	CVE-2021-3523	Improper Preservation of Permissions vulnerability in Redhat Apicast 2.0.0 A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. network low complexity redhat CWE-281	7.5
2022-04-14	CVE-2022-1304	An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. local low complexity e2fsprogs-project redhat fedoraproject	7.8
2022-04-11	CVE-2021-4047	Unspecified vulnerability in Redhat Openshift 4.9 The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. network low complexity redhat	7.5
2022-04-08	CVE-2022-28796	Race Condition vulnerability in multiple products jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. local high complexity linux redhat fedoraproject netapp CWE-362	7.0
2022-04-04	CVE-2022-27649	Incorrect Default Permissions vulnerability in multiple products A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. network high complexity podman-project redhat fedoraproject CWE-276	7.5
2022-04-04	CVE-2022-27650	Incorrect Default Permissions vulnerability in multiple products A flaw was found in crun where containers were incorrectly started with non-empty default permissions. network high complexity crun-project fedoraproject redhat CWE-276	7.5
2022-04-01	CVE-2019-14839	Information Exposure vulnerability in Redhat products It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. network low complexity redhat CWE-200	7.5
2022-04-01	CVE-2021-3461	Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. local low complexity redhat CWE-613	7.1
2022-03-29	CVE-2022-1055	Use After Free vulnerability in multiple products A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. local low complexity linux redhat fedoraproject canonical netapp CWE-416	7.8
2022-03-25	CVE-2021-3814	Missing Authorization vulnerability in Redhat 3Scale It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. network low complexity redhat CWE-862	7.5