Vulnerabilities > Oracle > Peoplesoft Enterprise Peopletools
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | 7.4 |
2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 9.9 |
2021-03-19 | CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. | 5.5 |
2021-03-15 | CVE-2021-28363 | Improper Certificate Validation vulnerability in multiple products The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. | 6.5 |
2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. | 7.5 |
2021-03-03 | CVE-2021-22883 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. | 7.5 |
2021-02-23 | CVE-2021-27568 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. | 5.9 |
2021-02-16 | CVE-2021-23841 | NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 5.9 |
2021-02-15 | CVE-2021-23337 | Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 7.2 |