Oracle

Graalvm

173 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2021-32804

  • EPSS 85.52%
  • Veröffentlicht 03.08.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:46

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by t...

5.1

CVE-2021-2388

  • EPSS 0.69%
  • Veröffentlicht 21.07.2021 15:15:40
  • Zuletzt bearbeitet 27.05.2025 16:45:29

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult ...

4.3

CVE-2021-2369

  • EPSS 0.32%
  • Veröffentlicht 21.07.2021 15:15:31
  • Zuletzt bearbeitet 27.05.2025 16:44:57

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Eas...

4.3

CVE-2021-2341

  • EPSS 0.32%
  • Veröffentlicht 21.07.2021 15:15:17
  • Zuletzt bearbeitet 27.05.2025 16:47:32

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. ...

9.8

CVE-2021-29921

Exploit
  • EPSS 1.79%
  • Veröffentlicht 06.05.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 06:01:59

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

4.3

CVE-2021-2161

  • EPSS 0.27%
  • Veröffentlicht 22.04.2021 22:15:13
  • Zuletzt bearbeitet 21.11.2024 06:02:30

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM E...

2.6

CVE-2021-2163

  • EPSS 0.12%
  • Veröffentlicht 22.04.2021 22:15:13
  • Zuletzt bearbeitet 21.11.2024 06:02:30

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM E...

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

7.4

CVE-2021-3450

  • EPSS 0.69%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...

8.6

CVE-2021-21349

Exploit
  • EPSS 6.75%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:42:48

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipul...