Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-15	CVE-2020-14621	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). network low complexity oracle fedoraproject mcafee opensuse canonical debian netapp	5.3
2020-06-29	CVE-2020-14002	Information Exposure Through Discrepancy vulnerability in multiple products PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. network high complexity putty netapp fedoraproject CWE-203	5.9
2020-04-02	CVE-2020-1927	Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. network low complexity apache fedoraproject debian canonical opensuse netapp broadcom oracle CWE-601	6.1
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2017-10-26	CVE-2017-15906	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. network low complexity openbsd oracle debian netapp redhat CWE-732	5.3
2017-05-26	CVE-2017-7439	Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. network low complexity netapp CWE-200	5.0
2017-05-26	CVE-2017-7236	SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity netapp CWE-89	5.0