CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35606
https://notcve.org/view.php?id=CVE-2021-35606
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the PeopleSoft Enterprise CS Campus Community executes to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized acce... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35601
https://notcve.org/view.php?id=CVE-2021-35601
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (component: Students Administration). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the PeopleSoft Enterprise CS SA Integration Pack executes to compromise PeopleSoft Enterprise CS SA Integration Pack. Successful attacks of this vulnerability can result in unautho... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35595
https://notcve.org/view.php?id=CVE-2021-35595
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Business Interlink). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact addit... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35571
https://notcve.org/view.php?id=CVE-2021-35571
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Academic Advisement. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Academic Advisement accessible data as well as unaut... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35568
https://notcve.org/view.php?id=CVE-2021-35568
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additio... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35553
https://notcve.org/view.php?id=CVE-2021-35553
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Class Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Records. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CS Student Records, attacks may significantly impact additi... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2021-35543
https://notcve.org/view.php?id=CVE-2021-35543
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CC Common... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35541
https://notcve.org/view.php?id=CVE-2021-35541
20 Oct 2021 — Vulnerability in the PeopleSoft Enterprise SCM product of Oracle PeopleSoft (component: Supplier Portal). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise SCM, attacks may significantly impact additional products. Successful attacks of this ... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2021-37136 – netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
https://notcve.org/view.php?id=CVE-2021-37136
19 Oct 2021 — The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack La función Bzip2 decompression decoder no permite establecer restricciones de tamaño en los datos de salida descomprimidos (lo que afecta al tamaño de asignación usado durante la descompresión). Todos los usuarios de Bzip2Decoder están ... • https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2021-37137 – netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
https://notcve.org/view.php?id=CVE-2021-37137
19 Oct 2021 — The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. La función Snappy frame decoder no restringe la longitud de los trozos, lo que puede co... • https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 • CWE-400: Uncontrolled Resource Consumption •