Oracle

Peoplesoft Enterprise Peopletools

355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.8%
  • Veröffentlicht 29.09.2021 20:15:08
  • Zuletzt bearbeitet 16.04.2026 15:16:44

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not ...

  • EPSS 10.45%
  • Veröffentlicht 19.09.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:24:34

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacke...

  • EPSS 64.51%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

  • EPSS 62.89%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 01.05.2025 15:40:05

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

  • EPSS 87.82%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:12

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...

Warnung
  • EPSS 50.45%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 16.04.2026 15:16:45

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...

  • EPSS 6.87%
  • Veröffentlicht 18.08.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:15:46

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the par...

Exploit
  • EPSS 21.95%
  • Veröffentlicht 16.08.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:50:57

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostna...

Exploit
  • EPSS 14.73%
  • Veröffentlicht 16.08.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:50:58

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

  • EPSS 13.86%
  • Veröffentlicht 16.08.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:50:58

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.