Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-08	CVE-2022-21713	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. network low complexity grafana netapp fedoraproject CWE-639	4.3
2022-02-08	CVE-2022-21702	Cross-site Scripting vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. network low complexity grafana netapp fedoraproject CWE-79	5.4
2021-05-25	CVE-2021-32640	Resource Exhaustion vulnerability in multiple products ws is an open source WebSocket client and server library for Node.js. network low complexity ws-project netapp CWE-400	5.3
2021-04-01	CVE-2021-28164	In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. network low complexity eclipse netapp oracle	5.3
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2020-07-27	CVE-2020-11110	Cross-site Scripting vulnerability in multiple products Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. network low complexity grafana netapp CWE-79	5.4
2020-07-15	CVE-2020-14621	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). network low complexity oracle fedoraproject mcafee opensuse canonical debian netapp	5.3
2020-07-15	CVE-2020-14556	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle fedoraproject opensuse debian canonical netapp	4.8
2020-04-15	CVE-2020-2830	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). network low complexity oracle netapp debian fedoraproject opensuse mcafee canonical	5.3
2020-04-15	CVE-2020-2800	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). network high complexity oracle netapp debian fedoraproject opensuse canonical	4.8