Oracle

Peoplesoft Enterprise Peopletools

354 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-27906

  • EPSS 0.65%
  • Veröffentlicht 19.03.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:58:45

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

6.5

CVE-2021-28363

  • EPSS 0.11%
  • Veröffentlicht 15.03.2021 18:15:19
  • Zuletzt bearbeitet 21.11.2024 05:59:35

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname...

7.8

CVE-2021-22883

  • EPSS 89.43%
  • Veröffentlicht 03.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:50:49

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is con...

7.5

CVE-2021-22884

Exploit
  • EPSS 0.27%
  • Veröffentlicht 03.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:50:50

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over ne...

5.9

CVE-2021-27568

Exploit
  • EPSS 0.7%
  • Veröffentlicht 23.02.2021 02:15:12
  • Zuletzt bearbeitet 21.11.2024 05:58:12

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs us...

5.9

CVE-2021-23841

  • EPSS 0.96%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:55

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...

7.2

CVE-2021-23337

Exploit
  • EPSS 3.29%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

5.3

CVE-2020-28500

Exploit
  • EPSS 0.25%
  • Veröffentlicht 15.02.2021 11:15:12
  • Zuletzt bearbeitet 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

6.8

CVE-2021-2071

  • EPSS 1.23%
  • Veröffentlicht 20.01.2021 15:15:50
  • Zuletzt bearbeitet 21.11.2024 06:02:18

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with net...

4.6

CVE-2021-2063

  • EPSS 0.15%
  • Veröffentlicht 20.01.2021 15:15:49
  • Zuletzt bearbeitet 21.11.2024 06:02:17

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the ...