Vulnerabilities > Oracle > Graalvm

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14718 Unspecified vulnerability in Oracle Graalvm 19.3.2/20.1.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI).
network
low complexity
oracle
7.2
2020-06-08 CVE-2020-8172 Improper Certificate Validation vulnerability in multiple products
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
network
high complexity
nodejs oracle CWE-295
7.4
2020-06-03 CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. 7.5
2020-04-15 CVE-2020-2900 Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools).
network
high complexity
oracle
3.7
2020-04-15 CVE-2020-2802 Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler).
network
low complexity
oracle
7.7
2020-04-15 CVE-2020-2799 Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler).
network
high complexity
oracle
6.3
2020-03-30 CVE-2019-17561 Improper Verification of Cryptographic Signature vulnerability in multiple products
The "Apache NetBeans" autoupdate system does not fully validate code signatures.
network
low complexity
apache oracle CWE-347
7.5
2020-03-30 CVE-2019-17560 Improper Certificate Validation vulnerability in multiple products
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads.
network
low complexity
apache oracle CWE-295
critical
9.1
2020-02-07 CVE-2019-15606 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
network
low complexity
nodejs oracle debian redhat opensuse
critical
9.8
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
9.8