Oncommand api services

This hub aggregates every CVE we track for Oncommand api services, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Oncommand api services.

• CVE-2021-21409Possible request smuggling in HTTP/2 due missing validation of content-length5.9Mar 30, 2021
• CVE-2021-21295Possible request smuggling in HTTP/2 due missing validation5.9Mar 9, 2021
• CVE-2021-20190A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidenti...8.1Jan 19, 2021
• CVE-2020-25649A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from...7.5Dec 3, 2020
• CVE-2020-10683dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing ...9.8May 1, 2020
• CVE-2020-11612The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty ser...7.5Apr 7, 2020
• CVE-2019-14893A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when...9.8Mar 2, 2020
• CVE-2020-8840FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.9.8Feb 10, 2020
• CVE-2019-20330FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.9.8Jan 3, 2020
• CVE-2019-17359The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.7.5Oct 8, 2019
• CVE-2019-17267A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.9.8Oct 6, 2019
• CVE-2019-16943A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed J...9.8Oct 1, 2019
• CVE-2019-16942A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed J...9.8Oct 1, 2019
• CVE-2019-16335A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.9.8Sep 15, 2019
• CVE-2019-14540A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.9.8Sep 15, 2019