Product:

Peoplesoft_enterprise_peopletools

(Oracle)
Repositories https://github.com/bcgit/bc-java
https://github.com/jquery/jquery
#Vulnerabilities 317
Date Id Summary Products Score Patch Annotated
2021-11-17 CVE-2021-41164 CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. Ckeditor, Drupal, Fedora, Agile_plm, Application_express, Banking_apis, Banking_digital_experience, Commerce_guided_search, Peoplesoft_enterprise_peopletools, Webcenter_portal 5.4
2022-03-16 CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. Ckeditor, Drupal, Fedora, Application_express, Commerce_merchandising, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_trade\-Based_anti_money_laundering, Peoplesoft_enterprise_peopletools 5.4
2022-03-16 CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. Ckeditor, Drupal, Fedora, Application_express, Commerce_merchandising, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_trade\-Based_anti_money_laundering, Peoplesoft_enterprise_peopletools 7.5
2021-08-18 CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available... Jsoup, Management_services_for_element_software_and_netapp_hci, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Communications_messaging_server, Financial_services_crime_and_compliance_management_studio, Flexcube_universal_banking, Hospitality_token_proxy_service, Middleware_common_libraries_and_tools, Peoplesoft_enterprise_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Stream_analytics, Webcenter_portal, Quarkus 7.5
2021-01-14 CVE-2021-23926 The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. Xmlbeans, Debian_linux, Oncommand_unified_manager_core_package, Snap_creator_framework, Snapmanager, Middleware_common_libraries_and_tools, Peoplesoft_enterprise_peopletools 9.1
2021-08-24 CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the... Debian_linux, Epolicy_orchestrator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Santricity_smi\-S_provider, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_console, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Nessus_network_monitor, Tenable\.sc 7.4
2021-08-24 CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out"... Debian_linux, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Santricity_smi\-S_provider, Snapcenter, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Nessus_network_monitor, Tenable\.sc 9.8
2022-01-24 CVE-2022-23437 There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Xerces\-J, Active_iq_unified_manager, Agile_engineering_data_management, Agile_plm, Banking_deposits_and_lines_of_credit_servicing, Banking_party_management, Communications_asap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Global_lifecycle_management_nextgen_oui_framework, Global_lifecycle_management_opatch, Health_sciences_information_manager, Ilearning, Peoplesoft_enterprise_peopletools, Primavera_gateway, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_service_backbone, Weblogic_server 6.5
2022-03-11 CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Oncommand_insight, Oncommand_workflow_automation, Snap_creator_framework, Big_data_spatial_and_graph, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Financial_services_trade\-Based_anti_money_laundering, Global_lifecycle_management_nextgen_oui_framework, Global_lifecycle_management_opatch, Graph_server_and_client, Health_sciences_empirica_signal, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_sales_audit, Sd\-Wan_edge, Spatial_studio, Utilities_framework, Weblogic_server 7.5
2020-09-09 CVE-2020-1968 The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH... Ubuntu_linux, Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Openssl, Ethernet_switch_es1\-24_firmware, Ethernet_switch_es2\-64_firmware, Ethernet_switch_es2\-72_firmware, Ethernet_switch_tor\-72_firmware, Jd_edwards_world_security, Peoplesoft_enterprise_peopletools 3.7