CVE-2022-21470
- EPSS 0.8%
- Veröffentlicht 19.04.2022 21:15:17
- Zuletzt bearbeitet 21.11.2024 06:44:46
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network ...
CVE-2022-21456
- EPSS 0.63%
- Veröffentlicht 19.04.2022 21:15:16
- Zuletzt bearbeitet 21.11.2024 06:44:44
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2022-21458
- EPSS 0.77%
- Veröffentlicht 19.04.2022 21:15:16
- Zuletzt bearbeitet 21.11.2024 06:44:44
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2022-24729
- EPSS 2.45%
- Veröffentlicht 16.03.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:50:57
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a ...
CVE-2022-24728
- EPSS 1.16%
- Veröffentlicht 16.03.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 06:50:57
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to in...
CVE-2020-36518
- EPSS 4.86%
- Veröffentlicht 11.03.2022 07:15:07
- Zuletzt bearbeitet 27.08.2025 21:15:36
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2022-21824
- EPSS 21.51%
- Veröffentlicht 24.02.2022 19:15:10
- Zuletzt bearbeitet 21.11.2024 06:45:30
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, whi...
CVE-2021-44531
- EPSS 8.37%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:31:10
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting U...
CVE-2021-44532
- EPSS 10.36%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:31:10
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an inje...
CVE-2021-44533
- EPSS 9.36%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:31:10
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a m...