U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:oracle:banking_virtual_account_managemen:14.5:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 12 matching records.
Displaying matches 1 through 12.
Vuln ID Summary CVSS Severity
CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Published: January 06, 2021; 7:15:15 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 6:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Published: December 27, 2020; 12:15:11 AM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Published: November 16, 2020; 4:15:12 PM -0500
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH