Oracle PeopleSoft 安全漏洞

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, vendor relationship management, and other capabilities. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft...

Linux Distros Unpatched Vulnerability : CVE-2022-21485

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and...

OpenJDK: Pack200 excessive memory allocation (8322114)

A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition...

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

SUSE CVE-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

PT-2022-16903 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, an open source platform for community discussion. An attacker can poison the cache for anonymous users, causing them to se...

OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

UBUNTU-CVE-2021-2010

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

CVE-2020-2630

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Extensibility Framework. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

CVE-2020-2558

Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris,...

CVE-2018-2774

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: SQR. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

JDK: unspecified vulnerability fixed in 8u151 and 9.0.1 (Deployment)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

CVE-2016-2515

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service CPU consumption or partial outage via a long 1 header or 2 URI that is matched against an improper regular expression...

CVE-2015-0217

filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...

Input validation

filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...

CVE-2015-2268

CVE-2015-2268 affects Moodle’s filter/urltolink/filter.php across multiple branches (2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.4). The vulnerability allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string ...