Oracle

Peoplesoft Enterprise Peopletools

339 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2021-23841

  • EPSS 0.67%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:55

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...

7.2

CVE-2021-23337

Exploit
  • EPSS 0.86%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

5.3

CVE-2020-28500

Exploit
  • EPSS 0.2%
  • Veröffentlicht 15.02.2021 11:15:12
  • Zuletzt bearbeitet 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

6.8

CVE-2021-2071

  • EPSS 1.23%
  • Veröffentlicht 20.01.2021 15:15:50
  • Zuletzt bearbeitet 21.11.2024 06:02:18

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with net...

4.6

CVE-2021-2063

  • EPSS 0.15%
  • Veröffentlicht 20.01.2021 15:15:49
  • Zuletzt bearbeitet 21.11.2024 06:02:17

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the ...

5.8

CVE-2021-2043

  • EPSS 0.58%
  • Veröffentlicht 20.01.2021 15:15:48
  • Zuletzt bearbeitet 21.11.2024 06:02:15

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

9.1

CVE-2021-23926

  • EPSS 0.32%
  • Veröffentlicht 14.01.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:03

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

8.1

CVE-2020-28052

Exploit
  • EPSS 3.78%
  • Veröffentlicht 18.12.2020 01:15:12
  • Zuletzt bearbeitet 12.05.2025 17:37:16

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previous...

7.5

CVE-2020-8286

Exploit
  • EPSS 0.28%
  • Veröffentlicht 14.12.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:38:39

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

4.3

CVE-2020-8284

  • EPSS 0.1%
  • Veröffentlicht 14.12.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:38:39

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed,...