CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2602
https://notcve.org/view.php?id=CVE-2020-2602
15 Jan 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional produc... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 7.6EPSS: 2%CPEs: 7EXPL: 2CVE-2017-18640 – snakeyaml: Billion laughs attack via alias feature
https://notcve.org/view.php?id=CVE-2017-18640
12 Dec 2019 — The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. La función Alias en SnakeYAML antes de la versión 1.26 permite la expansión de entidades durante una operación de carga, un problema relacionado con CVE-2003-1564 This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed incl... • https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion • CWE-122: Heap-based Buffer Overflow CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.3EPSS: 4%CPEs: 18EXPL: 0CVE-2019-1551 – rsaz_512_sqr overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2019-1551
06 Dec 2019 — There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3014
https://notcve.org/view.php?id=CVE-2019-3014
16 Oct 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3015
https://notcve.org/view.php?id=CVE-2019-3015
16 Oct 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 4.7EPSS: 1%CPEs: 2EXPL: 0CVE-2019-3023
https://notcve.org/view.php?id=CVE-2019-3023
16 Oct 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Stylesheet). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2985
https://notcve.org/view.php?id=CVE-2019-2985
16 Oct 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2932
https://notcve.org/view.php?id=CVE-2019-2932
16 Oct 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critic... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2915
https://notcve.org/view.php?id=CVE-2019-2915
16 Oct 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2929
https://notcve.org/view.php?id=CVE-2019-2929
16 Oct 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Su... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •