7 results (0.018 seconds)

CVSS: 7.5EPSS: 8%CPEs: 38EXPL: 1

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. • https://github.com/irsl/CVE-2020-1967 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/May/5 http://www.openwall.com/lists/oss-security/2020/04/22/2 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1 https:/&# • CWE-476: NULL Pointer Dereference •

CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the JDE EnterpriseOne Business Service Server component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.2 and 8.98.0.1 allows local users to affect confidentiality and integrity via unknown vectors. Una vulnerabilidad sin especificar en el componente JDE EnterpriseOne Business Service Server de Oracle PeopleSoft Enterprise, y de JD Edwards EnterpriseOne 8.97.2.2 y 8.98.0.1 permite a un usuario local comprometer la integridad de los datos por medio de un ataque desconocido. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securitytracker.com/id?1021055 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45906 •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03. Vulnerabilidad no especificada en el componente PeopleSoft HCM ePerformance en Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne 8.9 y 9.0 tiene impacto y vectores de ataque remoto desconocidos, también conocida como PSE03. • http://secunia.com/advisories/29829 http://secunia.com/advisories/29874 http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html http://www.securityfocus.com/archive/1/491024/100/0/threaded http://www.securitytracker.com/id?1019855 http://www.vupen.com/english/advisories/2008/1233/references http://www.vupen.com/english/advisories/2008/1267/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41858 https://exchange.xforce.ibmcloud.com/vulnerabilities/42067 •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. Vulnerabilidad no especificada en el Servidor HTML de Oracle JD Edwards EnterpriseOne SP23_Q1 y 8.96.I1 tiene impacto y vectores de ataque desconocidos, también conocido como JDE01. • http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/TA07-108A.html http://www.vupen.com/english/advisories/2007/1426 •

CVSS: 9.0EPSS: 1%CPEs: 3EXPL: 0

Unspecified vulnerability in JD Edwards HTML Server in JD Edwards EnterpriseOne SP23_O2, 8.95.P1, and 8.96.D1 has unknown impact and remote authenticated attack vectors, aka Vuln# JDE01. Vulnerabilidad no especificada en JD Edwards HTML Server en JD Edwards EnterpriseOne SP23_O2, 8.95.P1, y 8.96.D1 tiene impacto y vectores de ataque remotos autenticados desconocidos, también conocido como Vuln# JDE01. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://www.vupen.com/english/advisories/2006/4065 •