CVSS: 5.9EPSS: 4%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2404
https://notcve.org/view.php?id=CVE-2019-2404
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality i... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2019-2405
https://notcve.org/view.php?id=CVE-2019-2405
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2408
https://notcve.org/view.php?id=CVE-2019-2408
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Feeds). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2019-2416
https://notcve.org/view.php?id=CVE-2019-2416
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impact... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2417
https://notcve.org/view.php?id=CVE-2019-2417
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as una... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2423
https://notcve.org/view.php?id=CVE-2019-2423
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 7.2EPSS: 1%CPEs: 3EXPL: 0CVE-2019-2433
https://notcve.org/view.php?id=CVE-2019-2433
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2439
https://notcve.org/view.php?id=CVE-2019-2439
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact add... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2442
https://notcve.org/view.php?id=CVE-2019-2442
16 Jan 2019 — Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •