Oracle

Graalvm

173 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2021-32804

  • EPSS 85.52%
  • Published 03.08.2021 19:15:08
  • Last modified 21.11.2024 06:07:46

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by t...

5.1

CVE-2021-2388

  • EPSS 0.69%
  • Published 21.07.2021 15:15:40
  • Last modified 27.05.2025 16:45:29

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult ...

4.3

CVE-2021-2369

  • EPSS 0.32%
  • Published 21.07.2021 15:15:31
  • Last modified 27.05.2025 16:44:57

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Eas...

4.3

CVE-2021-2341

  • EPSS 0.32%
  • Published 21.07.2021 15:15:17
  • Last modified 27.05.2025 16:47:32

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. ...

9.8

CVE-2021-29921

Exploit
  • EPSS 1.79%
  • Published 06.05.2021 13:15:12
  • Last modified 21.11.2024 06:01:59

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

4.3

CVE-2021-2161

  • EPSS 0.27%
  • Published 22.04.2021 22:15:13
  • Last modified 21.11.2024 06:02:30

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM E...

2.6

CVE-2021-2163

  • EPSS 0.12%
  • Published 22.04.2021 22:15:13
  • Last modified 21.11.2024 06:02:30

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM E...

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Published 25.03.2021 15:15:13
  • Last modified 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

7.4

CVE-2021-3450

  • EPSS 0.69%
  • Published 25.03.2021 15:15:13
  • Last modified 21.11.2024 06:21:33

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...

8.6

CVE-2021-21349

Exploit
  • EPSS 6.75%
  • Published 23.03.2021 00:15:13
  • Last modified 23.05.2025 17:42:48

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipul...