Vulnerabilities > Oracle > Peoplesoft Enterprise Peopletools > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.3
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
network
low complexity
apache quarkus oracle netapp
5.3
2020-11-12 CVE-2020-27193 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
network
low complexity
ckeditor oracle CWE-79
6.1
2020-09-04 CVE-2020-24977 Out-of-bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.5
2020-07-27 CVE-2020-7017 Cross-site Scripting vulnerability in multiple products
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw.
network
high complexity
elasticsearch oracle CWE-79
6.7
2020-07-27 CVE-2020-7016 Resource Exhaustion vulnerability in multiple products
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion.
network
high complexity
elasticsearch oracle CWE-400
4.8
2020-07-15 CVE-2020-14627 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).
network
low complexity
oracle
6.1
2020-07-15 CVE-2020-14600 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).
network
low complexity
oracle
4.3
2020-07-15 CVE-2020-14592 Cross-site Scripting vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor).
network
low complexity
oracle CWE-79
6.1