📦 Peoplesoft Enterprise Peopletools

CVE-2022-21543 is a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools that allows unauthenticated attackers to remotely execute arbitrary code via HTTP. This affects PeopleSoft Enterp...

Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers can inject malicious hostnames leading to domain hij...

This vulnerability in XMLBeans XML parsers allows attackers to perform XML Entity Expansion (XXE) attacks by submitting malicious XML input. It affects all applications using XMLBeans up to version 2....

This vulnerability allows unauthenticated attackers to cause denial of service (DoS) attacks against Oracle PeopleSoft Enterprise PeopleTools by sending specially crafted HTTP requests to the OpenSear...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated attackers with low privileges to perform unauthorized data manipulation and access via HTTP. It affects PeopleSoft E...

CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, crashing the application. This affects any Java ap...

This CVE describes a prototype pollution vulnerability in Node.js's console.table() function when user-controlled input is passed to the 'properties' parameter alongside an object with '__proto__' as ...

This vulnerability in Node.js allows attackers to bypass certificate name constraints by using arbitrary Subject Alternative Name (SAN) types, particularly URI SANs. It affects Node.js applications th...

CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially crafted Bzip2 compressed data. The vulnerability ...

CVE-2021-36160 is an out-of-bounds read vulnerability in Apache HTTP Server's mod_proxy_uwsgi module. A specially crafted URI path can cause the server to read beyond allocated memory boundaries, lead...

This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination. Exploitation can lead to denial of service or me...

CVE-2021-22940 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to potentially execute arbitrary code or crash the Node.js process. Th...

CVE-2021-37695 is a cross-site scripting (XSS) vulnerability in CKEditor 4's Fake Objects plugin that allows attackers to inject malicious HTML that can execute JavaScript code in victims' browsers. I...

CVE-2021-32808 is a cross-site scripting (XSS) vulnerability in CKEditor 4 that allows attackers to execute arbitrary JavaScript code by exploiting a flaw in the clipboard Widget plugin when used with...

This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running in writable directories like /tmp. It affects appli...

This vulnerability in Oracle Database's Advanced Networking Option allows attackers to bypass network encryption protections and potentially compromise the component. It affects Oracle Database Server...

CVE-2021-35515 is a denial-of-service vulnerability in Apache Commons Compress's 7Z archive handling. When processing a specially crafted 7Z file, the codec list construction can enter an infinite loo...

CVE-2021-35517 is a denial-of-service vulnerability in Apache Commons Compress where specially crafted TAR archives can trigger excessive memory allocation, leading to out-of-memory errors. This affec...

A use-after-free vulnerability in libxml2 versions before 2.9.11 allows attackers to submit crafted XML files to applications using this library, potentially leading to arbitrary code execution. This ...

This OpenSSL vulnerability allows certificate chain validation to be bypassed when the X509_V_FLAG_X509_STRICT flag is explicitly set. It affects applications using OpenSSL 1.1.1h-1.1.1j that enable s...

Node.js servers are vulnerable to denial of service attacks when attackers establish numerous connections with unknown protocols, causing file descriptor leaks. This can exhaust system resources, prev...

Lodash versions before 4.17.21 contain a command injection vulnerability in the template function that allows attackers to execute arbitrary commands on the host system. This affects any application u...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated attackers with low privileges to read sensitive data they shouldn't have access to. It affects PeopleSoft Enterprise...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows unauthenticated attackers with network access via HTTP to compromise the system. It requires human interaction (like clicking a ma...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated high-privilege attackers to modify or read sensitive data via HTTP requests. It affects PeopleSoft Enterprise People...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated attackers with low privileges to perform unauthorized data manipulation and limited data reading. It affects PeopleS...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows high-privileged attackers with network access via HTTP to gain unauthorized access to critical data. It affects PeopleSoft Enterpr...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows unauthenticated attackers with network access via HTTP to compromise the system. It requires human interaction from someone other ...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated attackers with low privileges to manipulate data via the Rich Text Editor component. Successful exploitation require...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows unauthenticated attackers to read sensitive data by tricking users into clicking malicious links. It affects PeopleSoft Enterprise...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated attackers with low privileges to read sensitive data they shouldn't have access to. It affects PeopleSoft Enterprise...

This vulnerability in Google Guava's createTempDir() method creates temporary directories with world-readable permissions on Unix-like systems, allowing any user on the same machine to potentially rea...