E Series Performance Analyzer

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-28	CVE-2021-33587	The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. network low complexity css-what-project netapp	7.5
2021-05-28	CVE-2021-33623	Resource Exhaustion vulnerability in multiple products The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. network low complexity trim-newlines-project netapp debian CWE-400	7.5
2021-05-25	CVE-2021-32640	Resource Exhaustion vulnerability in multiple products ws is an open source WebSocket client and server library for Node.js. network low complexity ws-project netapp CWE-400	5.3
2021-05-04	CVE-2021-23383	The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. network low complexity handlebarsjs netapp	7.5
2021-04-01	CVE-2021-28165	Improper Handling of Exceptional Conditions vulnerability in multiple products In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. network low complexity eclipse oracle jenkins netapp CWE-755	7.5
2021-04-01	CVE-2021-28164	In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. network low complexity eclipse netapp oracle	5.3
2021-04-01	CVE-2021-28163	Link Following vulnerability in multiple products In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. network low complexity eclipse fedoraproject apache netapp oracle CWE-59	2.7
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-03-19	CVE-2021-21267	Resource Exhaustion vulnerability in multiple products Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). network low complexity schema-inspector-project netapp CWE-400	5.0
2021-03-18	CVE-2021-27358	The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. network low complexity grafana netapp	5.0