Vulnerabilities > Oracle > Peoplesoft Enterprise Peopletools
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-20 | CVE-2021-35609 | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58/8.59 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). | 6.5 |
| 2021-10-20 | CVE-2021-35568 | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58/8.59 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). | 6.1 |
| 2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | 7.5 |
| 2021-10-19 | CVE-2021-37137 | Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. | 7.5 |
| 2021-09-29 | CVE-2021-22946 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). | 7.5 |
| 2021-09-29 | CVE-2021-22947 | Insufficient Verification of Data Authenticity vulnerability in multiple products When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. | 5.9 |
| 2021-09-19 | CVE-2021-40690 | Information Exposure vulnerability in multiple products All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. | 7.5 |
| 2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. | 7.5 |
| 2021-09-16 | CVE-2021-36160 | Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). | 7.5 |
| 2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 9.8 |