10 results (0.002 seconds)

CVSS: 7.5EPSS: 8%CPEs: 38EXPL: 1

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. • https://github.com/irsl/CVE-2020-1967 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/May/5 http://www.openwall.com/lists/oss-security/2020/04/22/2 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1 https:/&# • CWE-476: NULL Pointer Dereference •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise HRMS - ePerformance en Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne 8.9.18 permite a usuarios remotamente autentificados afectar la confidencialidad e integridad mediante vectores desconocidos. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021570 http://www.vupen.com/english/advisories/2009/0115 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabildiad no especificada en el componente PeopleSoft Enterprise HRMS en Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne 8.9.18 permite a usuarios remotamente autentificados afectar la confidencialidad y la integridad, mediante vectores desconocidos. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021570 http://www.vupen.com/english/advisories/2009/0115 •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente JD Edwards Tools de Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne 8.97.2.5, permite a usuarios autenticados en remoto comprometer la confidencialidad a través de vectores desconocidos. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.vupen.com/english/advisories/2009/0115 •

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct. Vulnerabilidad no especificada en el componente PeopleTools en Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne v8.48.18 y v8.49.14 permite a atacantes remotos afectar a la confidencialidad e integridad a través de vectores desconocidos. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securityfocus.com/archive/1/497543/100/0/threaded http://www.securitytracker.com/id?1021055 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45902 •