> Our research has identified numerous critical and high-risk vulnerabilities that your vendor hasn’t patched.

This sort of language strikes me as fear-mongering. I can't tell which issues they have patched in CentOS7 that otherwise remain unpatched. Anyone know what they are talking about?