Oracle Peoplesoft Enterprise Peopletools vulnerabilities

CVE-2019-2597 [MEDIUM] CVE-2019-2597: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks requi

CVE-2019-2637 [MEDIUM] CVE-2019-2637: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks requi

CVE-2019-11358 [MEDIUM] CWE-1321 CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2019-0228 [CRITICAL] CWE-611 CVE-2019-0228: Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent att Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

CVE-2019-3856 [HIGH] CWE-190 CVE-2019-3856: An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 befo An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3857 [HIGH] CWE-190 CVE-2019-3857: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3855 [HIGH] CWE-190 CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-1559 [MEDIUM] CWE-203 CVE-2019-1559: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to sen If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave

CVE-2019-2416 [HIGH] CVE-2019-2416: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this v

CVE-2019-2405 [HIGH] CVE-2019-2405: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerabi

CVE-2019-2443 [HIGH] CVE-2019-2443: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulne

CVE-2019-2433 [HIGH] CVE-2019-2433: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulne

CVE-2019-2408 [MEDIUM] CVE-2019-2408: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Feeds). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human inter

CVE-2019-2423 [MEDIUM] CVE-2019-2423: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human

CVE-2019-2499 [MEDIUM] CVE-2019-2499: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks

CVE-2019-2442 [MEDIUM] CVE-2019-2442: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human

CVE-2019-2439 [MEDIUM] CVE-2019-2439: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human inte

CVE-2019-2417 [MEDIUM] CVE-2019-2417: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of th

CVE-2019-2404 [MEDIUM] CVE-2019-2404: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerabil

CVE-2019-2471 [MEDIUM] CVE-2019-2471: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human inte