Oracle

Jd Edwards Enterpriseone Tools

147 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2021-21409

  • EPSS 4.98%
  • Veröffentlicht 30.03.2021 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:48:17

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerabi...

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

7.4

CVE-2021-3450

  • EPSS 0.69%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...

5.5

CVE-2021-20227

  • EPSS 0.21%
  • Veröffentlicht 23.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:10

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-afte...

7.8

CVE-2021-22883

  • EPSS 87.36%
  • Veröffentlicht 03.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:50:49

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is con...

7.5

CVE-2021-22884

Exploit
  • EPSS 0.27%
  • Veröffentlicht 03.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:50:50

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over ne...

7.5

CVE-2021-23840

  • EPSS 0.57%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:55

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value ...

7.2

CVE-2021-23337

Exploit
  • EPSS 0.86%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

5.3

CVE-2020-28500

Exploit
  • EPSS 0.2%
  • Veröffentlicht 15.02.2021 11:15:12
  • Zuletzt bearbeitet 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

6.5

CVE-2021-26271

  • EPSS 0.64%
  • Veröffentlicht 26.01.2021 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:56:00

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).