Oracle

Peoplesoft Enterprise Peopletools

339 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2020-14558

  • EPSS 0.77%
  • Veröffentlicht 15.07.2020 18:15:20
  • Zuletzt bearbeitet 21.11.2024 05:03:32

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

7.4

CVE-2020-8203

Exploit
  • EPSS 2.44%
  • Veröffentlicht 15.07.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:38:29

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

6.1

CVE-2020-7656

Exploit
  • EPSS 1.11%
  • Veröffentlicht 19.05.2020 21:15:10
  • Zuletzt bearbeitet 21.11.2024 05:37:33

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be...

6.1

CVE-2020-11022

Exploit
  • EPSS 22.55%
  • Veröffentlicht 29.04.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:36

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...

4.3

CVE-2020-9488

  • EPSS 0.01%
  • Veröffentlicht 27.04.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...

7.5

CVE-2020-1967

Exploit
  • EPSS 66.69%
  • Veröffentlicht 21.04.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...

6.1

CVE-2020-2868

  • EPSS 0.8%
  • Veröffentlicht 15.04.2020 14:15:32
  • Zuletzt bearbeitet 21.11.2024 05:26:29

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with...

7.5

CVE-2020-2859

  • EPSS 1.8%
  • Veröffentlicht 15.04.2020 14:15:31
  • Zuletzt bearbeitet 21.11.2024 05:26:28

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acce...

7.1

CVE-2020-2782

  • EPSS 0.89%
  • Veröffentlicht 15.04.2020 14:15:27
  • Zuletzt bearbeitet 21.11.2024 05:26:15

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access...

6.1

CVE-2020-2797

  • EPSS 0.8%
  • Veröffentlicht 15.04.2020 14:15:27
  • Zuletzt bearbeitet 21.11.2024 05:26:17

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with ne...