VulnerableCode Package Details - pkg:rpm/redhat/tfm-rubygem-fog-vsphere@3.2.1.1-1?arch=el7sat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/tfm-rubygem-fog-vsphere@3.2.1.1-1?arch=el7sat

Essentials
History (12)

purl	pkg:rpm/redhat/tfm-rubygem-fog-vsphere@3.2.1.1-1?arch=el7sat

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (12)

Vulnerability	Summary	Fixed by
VCID-3qjf-azsa-fbek Aliases: CVE-2020-14060 GHSA-j823-4qch-3rgm	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).	There are no reported fixed by versions.
VCID-3wa1-khqf-x7fv Aliases: CVE-2020-10968 GHSA-rf6r-2c4q-2vwg	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).	There are no reported fixed by versions.
VCID-96pq-m4f3-zbad Aliases: CVE-2019-20330 GHSA-gww7-p5w4-wrfv	Deserialization of Untrusted Data in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.	There are no reported fixed by versions.
VCID-9qdt-7p83-4yd8 Aliases: CVE-2020-10969 GHSA-758m-v56v-grj4	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.	There are no reported fixed by versions.
VCID-a5sk-5grx-eyaf Aliases: CVE-2020-11619 GHSA-27xj-rqx5-2255	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).	There are no reported fixed by versions.
VCID-bydt-bkf4-rbh2 Aliases: CVE-2020-9546 GHSA-5p34-5m6p-p58g	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).	There are no reported fixed by versions.
VCID-jvp6-892x-nkc7 Aliases: CVE-2020-9548 GHSA-p43x-xfjf-5jhr	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).	There are no reported fixed by versions.
VCID-pnt3-1ssq-tqau Aliases: CVE-2020-14061 GHSA-c2q3-4qrh-fm48	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).	There are no reported fixed by versions.
VCID-ruae-hqdg-m7ek Aliases: CVE-2020-9547 GHSA-q93h-jc49-78gg	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).	There are no reported fixed by versions.
VCID-uygc-h93v-vuh8 Aliases: CVE-2020-14062 GHSA-c265-37vj-cwcc	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).	There are no reported fixed by versions.
VCID-xnyb-nuwm-pkdr Aliases: CVE-2020-8840 GHSA-4w82-r329-3q67	Deserialization of Untrusted Data in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.	There are no reported fixed by versions.
VCID-ze79-6kcg-nfcp Aliases: CVE-2020-14195 GHSA-mc6h-4qgp-37qh	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:14:32.088121+00:00	RedHat Importer	Affected by	VCID-96pq-m4f3-zbad	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json	38.0.0
2026-04-01T14:11:43.407150+00:00	RedHat Importer	Affected by	VCID-jvp6-892x-nkc7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9548.json	38.0.0
2026-04-01T14:11:19.048412+00:00	RedHat Importer	Affected by	VCID-ruae-hqdg-m7ek	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9547.json	38.0.0
2026-04-01T14:10:54.841461+00:00	RedHat Importer	Affected by	VCID-bydt-bkf4-rbh2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9546.json	38.0.0
2026-04-01T14:10:30.715016+00:00	RedHat Importer	Affected by	VCID-xnyb-nuwm-pkdr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8840.json	38.0.0
2026-04-01T14:10:15.941293+00:00	RedHat Importer	Affected by	VCID-9qdt-7p83-4yd8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json	38.0.0
2026-04-01T14:09:34.352190+00:00	RedHat Importer	Affected by	VCID-3wa1-khqf-x7fv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json	38.0.0
2026-04-01T14:09:15.713122+00:00	RedHat Importer	Affected by	VCID-a5sk-5grx-eyaf	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11619.json	38.0.0
2026-04-01T14:06:58.022349+00:00	RedHat Importer	Affected by	VCID-pnt3-1ssq-tqau	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14061.json	38.0.0
2026-04-01T14:06:49.500424+00:00	RedHat Importer	Affected by	VCID-uygc-h93v-vuh8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14062.json	38.0.0
2026-04-01T14:06:47.240824+00:00	RedHat Importer	Affected by	VCID-3qjf-azsa-fbek	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14060.json	38.0.0
2026-04-01T14:06:18.325900+00:00	RedHat Importer	Affected by	VCID-ze79-6kcg-nfcp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14195.json	38.0.0