Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-23	CVE-2022-0996	Improper Authentication vulnerability in multiple products A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. network low complexity redhat fedoraproject CWE-287	6.5
2022-03-16	CVE-2021-20180	Information Exposure Through Log Files vulnerability in Redhat Ansible A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. local low complexity redhat CWE-532	5.5
2022-03-16	CVE-2021-20257	Infinite Loop vulnerability in multiple products An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. local low complexity qemu fedoraproject redhat debian CWE-835	6.5
2022-03-10	CVE-2021-3660	Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Cockpit (and its plugins) do not seem to protect itself against clickjacking. network low complexity cockpit-project redhat CWE-1021	4.3
2022-03-10	CVE-2021-3733	Resource Exhaustion vulnerability in multiple products There's a flaw in urllib's AbstractBasicAuthHandler class. network low complexity python redhat fedoraproject netapp CWE-400	6.5
2022-03-04	CVE-2021-3744	Memory Leak vulnerability in multiple products A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). local low complexity linux fedoraproject debian redhat oracle CWE-401	5.5
2022-03-03	CVE-2021-3602	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure flaw was found in Buildah, when building containers using chroot isolation. local low complexity buildah-project redhat CWE-212	5.5
2022-03-03	CVE-2021-3620	Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. local low complexity redhat CWE-209	5.5
2022-03-02	CVE-2021-3623	Out-of-bounds Write vulnerability in multiple products A flaw was found in libtpms. local low complexity libtpms-project redhat fedoraproject CWE-787	6.1
2022-03-02	CVE-2021-3631	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. local high complexity redhat netapp CWE-732	6.3