Vulnerabilities > Oracle > Graalvm > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14718 Unspecified vulnerability in Oracle Graalvm 19.3.2/20.1.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI).
network
low complexity
oracle
7.2
2020-06-08 CVE-2020-8172 Improper Certificate Validation vulnerability in multiple products
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
network
high complexity
nodejs oracle CWE-295
7.4
2020-06-03 CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. 7.5
2020-04-15 CVE-2020-2802 Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler).
network
low complexity
oracle
7.7
2020-03-30 CVE-2019-17561 Improper Verification of Cryptographic Signature vulnerability in multiple products
The "Apache NetBeans" autoupdate system does not fully validate code signatures.
network
low complexity
apache oracle CWE-347
7.5
2020-02-07 CVE-2019-15604 Improper Certificate Validation vulnerability in multiple products
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
network
low complexity
nodejs debian opensuse redhat oracle CWE-295
7.5
2020-01-15 CVE-2020-2604 Deserialization of Untrusted Data vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
8.1
2019-12-13 CVE-2019-16776 Path Traversal vulnerability in multiple products
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write.
network
low complexity
npmjs opensuse oracle fedoraproject redhat CWE-22
8.1
2019-11-26 CVE-2019-16255 Code Injection vulnerability in multiple products
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data.
network
high complexity
ruby-lang debian opensuse oracle CWE-94
8.1
2019-10-16 CVE-2019-2986 Unspecified vulnerability in Oracle Graalvm 19.2.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter).
network
low complexity
oracle
7.7