High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-03	CVE-2020-11080	Improper Enforcement of Message or Data Structure vulnerability in multiple products In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. network low complexity nghttp2 debian opensuse fedoraproject oracle nodejs CWE-707	7.5
2020-04-15	CVE-2020-2802	Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). network low complexity oracle	7.7
2020-03-30	CVE-2019-17561	Improper Verification of Cryptographic Signature vulnerability in multiple products The "Apache NetBeans" autoupdate system does not fully validate code signatures. network low complexity apache oracle CWE-347	7.5
2020-02-07	CVE-2019-15604	Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate network low complexity nodejs debian opensuse redhat oracle CWE-295	7.5
2020-01-15	CVE-2020-2604	Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). network high complexity oracle redhat debian canonical opensuse netapp mcafee CWE-502	8.1
2019-12-13	CVE-2019-16776	Path Traversal vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. network low complexity npmjs opensuse oracle fedoraproject redhat CWE-22	8.1
2019-11-26	CVE-2019-16255	Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. network high complexity ruby-lang debian opensuse oracle CWE-94	8.1
2019-10-16	CVE-2019-2986	Unspecified vulnerability in Oracle Graalvm 19.2.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). network low complexity oracle	7.7
2019-08-13	CVE-2019-9518	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee nodejs CWE-770	7.5
2019-08-13	CVE-2019-9517	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee netapp nodejs CWE-770	7.5