CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14564 – Gentoo Linux Security Advisory 202105-27
https://notcve.org/view.php?id=CVE-2020-14564
15 Jul 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.... • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.9EPSS: 2%CPEs: 206EXPL: 6CVE-2020-11022 – Potential XSS vulnerability in jQuery
https://notcve.org/view.php?id=CVE-2020-11022
29 Apr 2020 — In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. En las versiones de jQuery mayores o iguales a 1.2 y anteriores a la versión 3.5.0, se puede ejecutar HTML desde fuentes no seguras, incluso después de desinfectarlo, a uno de los métodos de manipulación DOM de jQuery (es decir .h... • https://packetstorm.news/files/id/162159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 101EXPL: 0CVE-2020-9488 – log4j: improper validation of certificate with host mismatch in SMTP appender
https://notcve.org/view.php?id=CVE-2020-9488
27 Apr 2020 — Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 Validación incorrecta del certificado con desajuste de host en el apéndice SMTP de Apache Log4j. Esto podría permitir que una conexión SMTPS fuera interceptada por un ataque de tipo man-in-the-middle que podría filtrar cualquier mensaje de ... • https://issues.apache.org/jira/browse/LOG4J2-2819 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 60%CPEs: 38EXPL: 2CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
21 Apr 2020 — Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL ver... • https://packetstorm.news/files/id/157527 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2868
https://notcve.org/view.php?id=CVE-2020-2868
15 Apr 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact add... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2020-2859
https://notcve.org/view.php?id=CVE-2020-2859
15 Apr 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.5 (... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2782
https://notcve.org/view.php?id=CVE-2020-2782
15 Apr 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional product... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2797
https://notcve.org/view.php?id=CVE-2020-2797
15 Apr 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additi... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2775
https://notcve.org/view.php?id=CVE-2020-2775
15 Apr 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 8.6EPSS: 1%CPEs: 2EXPL: 0CVE-2020-2776
https://notcve.org/view.php?id=CVE-2020-2776
15 Apr 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a ... • https://www.oracle.com/security-alerts/cpuapr2020.html •