Graalvm

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-30	CVE-2019-17560	Improper Certificate Validation vulnerability in multiple products The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. network low complexity apache oracle CWE-295 critical	9.1
2020-02-07	CVE-2019-15606	Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons network low complexity nodejs oracle debian redhat opensuse critical	9.8
2020-02-07	CVE-2019-15605	HTTP Request Smuggling vulnerability in multiple products HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed network low complexity nodejs debian fedoraproject opensuse redhat oracle CWE-444 critical	9.8
2020-02-07	CVE-2019-15604	Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate network low complexity nodejs debian opensuse redhat oracle CWE-295	7.5
2020-01-15	CVE-2020-2604	Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). network high complexity oracle redhat debian canonical opensuse netapp mcafee CWE-502	8.1
2020-01-15	CVE-2020-2595	Unspecified vulnerability in Oracle Graalvm 19.3.0.2 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). network low complexity oracle	5.8
2020-01-15	CVE-2020-2581	Unspecified vulnerability in Oracle Graalvm 19.3.0.2 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). local low complexity oracle	4.0
2019-12-13	CVE-2019-16777	Improper Privilege Management vulnerability in multiple products Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. network low complexity npmjs opensuse oracle fedoraproject redhat CWE-269	6.5
2019-12-13	CVE-2019-16776	Path Traversal vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. network low complexity npmjs opensuse oracle fedoraproject redhat CWE-22	8.1
2019-12-13	CVE-2019-16775	UNIX Symbolic Link (Symlink) Following vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. network low complexity redhat npmjs opensuse oracle fedoraproject CWE-61	6.5