Vulnerabilities > Oracle > Graalvm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-19 | CVE-2020-8277 | Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. | 7.5 |
| 2020-11-17 | CVE-2020-7774 | The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. | 9.8 |
| 2020-10-21 | CVE-2020-14803 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). | 5.3 |
| 2020-07-15 | CVE-2020-14718 | Unspecified vulnerability in Oracle Graalvm 19.3.2/20.1.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). | 7.2 |
| 2020-06-08 | CVE-2020-8172 | Improper Certificate Validation vulnerability in multiple products TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | 7.4 |
| 2020-06-03 | CVE-2020-11080 | Improper Enforcement of Message or Data Structure vulnerability in multiple products In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. | 7.5 |
| 2020-04-15 | CVE-2020-2900 | Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). | 3.7 |
| 2020-04-15 | CVE-2020-2802 | Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). | 7.7 |
| 2020-04-15 | CVE-2020-2799 | Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). | 6.3 |
| 2020-03-30 | CVE-2019-17561 | Improper Verification of Cryptographic Signature vulnerability in multiple products The "Apache NetBeans" autoupdate system does not fully validate code signatures. | 7.5 |