Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-08	CVE-2022-21713	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. network low complexity grafana netapp fedoraproject CWE-639	4.3
2022-02-08	CVE-2022-21702	Cross-site Scripting vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. network low complexity grafana netapp fedoraproject CWE-79	5.4
2021-05-25	CVE-2021-32640	Resource Exhaustion vulnerability in multiple products ws is an open source WebSocket client and server library for Node.js. network low complexity ws-project netapp CWE-400	5.3
2021-04-01	CVE-2021-28164	In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. network low complexity eclipse netapp oracle	5.3
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-03-19	CVE-2021-21267	Resource Exhaustion vulnerability in multiple products Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). network low complexity schema-inspector-project netapp CWE-400	5.0
2021-03-18	CVE-2021-27358	The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. network low complexity grafana netapp	5.0
2020-10-21	CVE-2020-14782	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network oracle debian netapp mcafee opensuse	4.3
2020-07-27	CVE-2020-11110	Cross-site Scripting vulnerability in multiple products Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. network low complexity grafana netapp CWE-79	5.4
2020-07-15	CVE-2020-14621	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). network low complexity oracle fedoraproject mcafee opensuse canonical debian netapp	5.3