Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-01	CVE-2021-28164	In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. network low complexity eclipse netapp oracle	5.3
2020-10-21	CVE-2020-14803	Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). network low complexity oracle netapp debian opensuse	5.0
2020-10-21	CVE-2020-14797	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network oracle netapp opensuse debian	4.3
2020-10-21	CVE-2020-14792	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). network oracle debian netapp mcafee opensuse	5.8
2020-10-21	CVE-2020-14781	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). network oracle netapp debian opensuse	4.3
2019-01-30	CVE-2018-17189	Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. network low complexity apache netapp fedoraproject debian oracle canonical redhat CWE-400	5.3
2018-03-26	CVE-2018-1302	NULL Pointer Dereference vulnerability in multiple products When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. network high complexity apache canonical netapp CWE-476	5.9
2018-03-26	CVE-2018-1301	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. network high complexity apache debian canonical netapp redhat CWE-119	5.9
2018-03-26	CVE-2018-1283	In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. network high complexity apache debian canonical netapp redhat	5.3
2018-01-18	CVE-2018-2581	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). network low complexity oracle redhat netapp	4.7