Vulnerabilities > Oracle > Peoplesoft Enterprise PT Peopletools > 8.58

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-02	CVE-2020-13956	Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. network low complexity apache quarkus oracle netapp	5.3
2019-12-12	CVE-2017-18640	XML Entity Expansion vulnerability in multiple products The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. network low complexity snakeyaml-project fedoraproject quarkus oracle CWE-776	7.5
2019-08-30	CVE-2019-12402	Infinite Loop vulnerability in multiple products The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. network low complexity apache fedoraproject oracle CWE-835	7.5
2019-08-20	CVE-2019-10086	Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. network low complexity apache debian opensuse fedoraproject redhat oracle CWE-502	7.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.