Netapp

Oncommand Api Services

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2021-21409

  • EPSS 4.98%
  • Published 30.03.2021 15:15:14
  • Last modified 21.11.2024 05:48:17

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerabi...

5.9

CVE-2021-21295

  • EPSS 0.96%
  • Published 09.03.2021 19:15:12
  • Last modified 21.11.2024 05:47:57

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerabi...

8.3

CVE-2021-20190

  • EPSS 0.32%
  • Published 19.01.2021 17:15:13
  • Last modified 27.08.2025 21:15:36

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

9.8

CVE-2020-10683

  • EPSS 1.96%
  • Published 01.05.2020 19:15:12
  • Last modified 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

7.5

CVE-2020-11612

  • EPSS 1.85%
  • Published 07.04.2020 18:15:13
  • Last modified 21.11.2024 04:58:14

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m...

9.8

CVE-2019-14893

  • EPSS 0.7%
  • Published 02.03.2020 21:15:17
  • Last modified 21.11.2024 04:27:37

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling m...

9.8

CVE-2020-8840

  • EPSS 8.16%
  • Published 10.02.2020 21:56:10
  • Last modified 21.11.2024 05:39:32

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

9.8

CVE-2019-20330

  • EPSS 2%
  • Published 03.01.2020 04:15:12
  • Last modified 21.11.2024 04:38:16

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

7.5

CVE-2019-17359

  • EPSS 7.63%
  • Published 08.10.2019 14:15:10
  • Last modified 12.05.2025 17:37:16

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.