Oracle

Peoplesoft Enterprise Peopletools

339 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2021-23841

  • EPSS 0.67%
  • Published 16.02.2021 17:15:13
  • Last modified 21.11.2024 05:51:55

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...

7.2

CVE-2021-23337

Exploit
  • EPSS 0.86%
  • Published 15.02.2021 13:15:12
  • Last modified 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

5.3

CVE-2020-28500

Exploit
  • EPSS 0.2%
  • Published 15.02.2021 11:15:12
  • Last modified 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

6.8

CVE-2021-2071

  • EPSS 1.23%
  • Published 20.01.2021 15:15:50
  • Last modified 21.11.2024 06:02:18

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with net...

4.6

CVE-2021-2063

  • EPSS 0.15%
  • Published 20.01.2021 15:15:49
  • Last modified 21.11.2024 06:02:17

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the ...

5.8

CVE-2021-2043

  • EPSS 0.58%
  • Published 20.01.2021 15:15:48
  • Last modified 21.11.2024 06:02:15

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

9.1

CVE-2021-23926

  • EPSS 0.32%
  • Published 14.01.2021 15:15:13
  • Last modified 21.11.2024 05:52:03

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

8.1

CVE-2020-28052

Exploit
  • EPSS 3.78%
  • Published 18.12.2020 01:15:12
  • Last modified 12.05.2025 17:37:16

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previous...

7.5

CVE-2020-8286

Exploit
  • EPSS 0.28%
  • Published 14.12.2020 20:15:14
  • Last modified 21.11.2024 05:38:39

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

4.3

CVE-2020-8284

  • EPSS 0.1%
  • Published 14.12.2020 20:15:13
  • Last modified 21.11.2024 05:38:39

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed,...