Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Peoplesoft Enterprise Peopletools
Total 328 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000122 5 Canonical, Debian, Haxx and 2 more 9 Ubuntu Linux, Debian Linux, Curl and 6 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
CVE-2018-1000121 5 Canonical, Debian, Haxx and 2 more 9 Ubuntu Linux, Debian Linux, Curl and 6 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
CVE-2018-1000120 5 Canonical, Debian, Haxx and 2 more 9 Ubuntu Linux, Debian Linux, Curl and 6 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2018-0735 6 Canonical, Debian, Netapp and 3 more 23 Ubuntu Linux, Debian Linux, Cloud Backup and 20 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVE-2018-0734 6 Canonical, Debian, Netapp and 3 more 20 Ubuntu Linux, Debian Linux, Cloud Backup and 17 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVE-2017-10301 1 Oracle 1 Peoplesoft Enterprise Peopletools 2024-11-21 5.5 MEDIUM 8.1 HIGH
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
CVE-2015-9251 2 Jquery, Oracle 47 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 44 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2024-21214 1 Oracle 1 Peoplesoft Enterprise Peopletools 2024-10-18 N/A 8.1 HIGH
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).