Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-18	CVE-2021-42781	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. network low complexity opensc-project fedoraproject redhat CWE-787	5.3
2022-04-18	CVE-2022-27652	Incorrect Default Permissions vulnerability in multiple products A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. local low complexity kubernetes fedoraproject mobyproject redhat CWE-276	5.3
2022-04-13	CVE-2022-1280	Use After Free vulnerability in multiple products A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. local high complexity linux redhat CWE-416	6.3
2022-04-11	CVE-2022-0552	HTTP Request Smuggling vulnerability in Redhat Origin-Aggregated-Logging 3.11 A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. network high complexity redhat CWE-444	5.9
2022-04-04	CVE-2022-27651	Incorrect Default Permissions vulnerability in multiple products A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. network high complexity buildah-project fedoraproject redhat CWE-276	6.8
2022-03-25	CVE-2021-20323	Cross-site Scripting vulnerability in Redhat Keycloak A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. network low complexity redhat CWE-79	6.1
2022-03-25	CVE-2021-3941	Divide By Zero vulnerability in multiple products In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. local low complexity openexr redhat fedoraproject debian CWE-369	6.5
2022-03-25	CVE-2021-4147	Improper Locking vulnerability in multiple products A flaw was found in the libvirt libxl driver. local low complexity redhat fedoraproject netapp CWE-667	6.5
2022-03-25	CVE-2022-0897	Improper Locking vulnerability in multiple products A flaw was found in the libvirt nwfilter driver. network low complexity redhat netapp CWE-667	4.3
2022-03-23	CVE-2021-4180	Exposure of Resource to Wrong Sphere vulnerability in multiple products An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. network low complexity redhat openstack CWE-668	4.3