Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2021-3629 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 5.9 |
| 2022-05-18 | CVE-2022-30597 | A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | 5.3 |
| 2022-05-18 | CVE-2022-30598 | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | 4.3 |
| 2022-05-18 | CVE-2022-30596 | Cross-site Scripting vulnerability in multiple products A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | 5.4 |
| 2022-05-17 | CVE-2022-1706 | Incorrect Authorization vulnerability in multiple products A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. | 6.5 |
| 2022-05-11 | CVE-2021-3611 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. | 6.5 |
| 2022-05-10 | CVE-2022-0866 | Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 5.3 |
| 2022-04-29 | CVE-2022-0984 | Incorrect Authorization vulnerability in multiple products Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | 4.3 |
| 2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | 6.5 |
| 2022-04-18 | CVE-2021-3503 | Unspecified vulnerability in Redhat Wildfly A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. | 4.3 |