Vulnerabilities > Oracle > Peoplesoft Enterprise Peopletools > 8.58

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-08	CVE-2019-17359	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. network low complexity bouncycastle apache netapp oracle CWE-770	7.5
2019-09-06	CVE-2019-16056	An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. network low complexity python fedoraproject debian canonical redhat oracle opensuse	7.5
2019-06-19	CVE-2019-2729	Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). network low complexity oracle CWE-284 critical	9.8
2019-05-01	CVE-2019-0227	Server-Side Request Forgery (SSRF) vulnerability in multiple products A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. high complexity apache oracle CWE-918	7.5
2019-04-26	CVE-2019-2725	Injection vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). network low complexity oracle CWE-74 critical	9.8
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2019-04-17	CVE-2019-0228	XXE vulnerability in multiple products Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. network low complexity apache fedoraproject oracle CWE-611 critical	9.8
2018-08-02	CVE-2018-8032	Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. network low complexity apache oracle debian CWE-79	6.1
2017-11-13	CVE-2016-8610	A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. network low complexity openssl debian redhat netapp paloaltonetworks oracle fujitsu	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.