Vulnerabilities > Oracle > JD Edwards Enterpriseone Tools > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-23 CVE-2019-2564 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).
network
low complexity
oracle
4.3
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2018-08-31 CVE-2018-11057 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption.
network
high complexity
dell oracle CWE-327
5.9
2018-08-31 CVE-2018-11056 Resource Exhaustion vulnerability in multiple products
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data.
network
low complexity
dell oracle CWE-400
6.5
2018-08-31 CVE-2018-11055 Improper Resource Shutdown or Release vulnerability in multiple products
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability.
local
low complexity
dell oracle CWE-404
5.5
2018-07-18 CVE-2018-3006 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).
network
low complexity
oracle
6.1
2018-07-18 CVE-2018-2999 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).
network
low complexity
oracle
6.1
2018-07-18 CVE-2018-2950 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).
network
low complexity
oracle
6.1
2018-07-18 CVE-2018-2949 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).
network
low complexity
oracle
6.1