Vulnerabilities > Oracle > Peoplesoft Enterprise Peopletools > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-21214 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.59/8.60/8.61
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).
network
low complexity
oracle
8.1
2024-10-15 CVE-2024-21255 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.59/8.60/8.61
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher).
network
low complexity
oracle
8.8
2022-03-16 CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject
7.5
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
2022-02-24 CVE-2021-44531 Improper Certificate Validation vulnerability in multiple products
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates.
network
high complexity
nodejs oracle CWE-295
7.4
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
2021-09-29 CVE-2021-22946 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl).
7.5
2021-09-19 CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle
7.5