Product:

Peoplesoft_enterprise_peopletools

(Oracle)
Repositories https://github.com/bcgit/bc-java
https://github.com/jquery/jquery
#Vulnerabilities 330
Date Id Summary Products Score Patch Annotated
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Data_ontap, Data_ontap_edge, E\-Series_santricity_os_controller, Host_agent, Oncommand_balance, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Service_processor, Smi\-S_provider, Snapcenter_server, Snapdrive, Storagegrid, Storagegrid_webscale, Openssl, Adaptive_access_manager, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Retail_predictive_application_server, Timesten_in\-Memory_database, Weblogic_server, Pan\-Os, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform 7.5
2018-07-09 CVE-2018-1000613 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes... Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Oncommand_workflow_automation, Leap, Api_gateway, Banking_platform, Business_process_management_suite, Business_transaction_management, Communications_application_session_controller, Communications_converged_application_server, Communications_convergence, Communications_diameter_signaling_router, Communications_webrtc_session_controller, Data_integrator, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Enterprise_repository, Managed_file_transfer, Peoplesoft_enterprise_peopletools, Retail_convenience_and_fuel_pos_software, Retail_xstore_point_of_service, Soa_suite, Utilities_network_management_system, Webcenter_portal, Weblogic_server 9.8
2020-07-15 CVE-2020-8203 Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Lodash, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_liquidity_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Banking_virtual_account_management, Blockchain_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_session_border_controller, Communications_session_router, Communications_subscriber\-Aware_load_balancer, Enterprise_communications_broker, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway 7.4
2021-08-16 CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. Active_iq_unified_manager, Nextgen_api, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Node\.js, Graalvm, Mysql_cluster, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services 9.8
2021-08-16 CVE-2021-22939 If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. Debian_linux, Nextgen_api, Node\.js, Graalvm, Jd_edwards_enterpriseone_tools, Mysql_cluster, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services 5.3
2021-08-16 CVE-2021-22940 Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Debian_linux, Nextgen_api, Node\.js, Graalvm, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services 7.5
2020-01-21 CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2 7.5
2016-02-15 CVE-2015-3197 ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. Openssl, Exalogic_infrastructure, Oss_support_tools, Peoplesoft_enterprise_peopletools, Tuxedo, Vm_virtualbox 5.9
2017-12-11 CVE-2017-15708 In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit... Synapse, Financial_services_market_risk_measurement_and_management, Peoplesoft_enterprise_peopletools 9.8
2018-01-18 CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Jquery, Agile_product_lifecycle_management_for_process, Banking_platform, Business_process_management_suite, Communications_converged_application_server, Communications_interactive_session_recorder, Communications_services_gatekeeper, Communications_webrtc_session_controller, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_operations_monitor, Financial_services_analytical_applications_infrastructure, Financial_services_asset_liability_management, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_liquidity_risk_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_profitability_management, Financial_services_reconciliation_framework, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_fleet_management, Hospitality_guest_access, Hospitality_materials_control, Hospitality_reporting_and_analytics, Insurance_insbridge_rating_and_underwriting, Jd_edwards_enterpriseone_tools, Jdeveloper, Oss_support_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Retail_allocation, Retail_customer_insights, Retail_invoice_matching, Retail_sales_audit, Retail_workforce_management_software, Service_bus, Siebel_ui_framework, Utilities_framework, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server 6.1