Oracle

GraalVM

176 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 11.87%
  • Published 06.01.2021 21:15:14
  • Last modified 21.11.2024 05:38:39

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This c...

  • EPSS 0.34%
  • Published 08.12.2020 16:15:11
  • Last modified 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

  • EPSS 0.05%
  • Published 24.11.2020 18:15:12
  • Last modified 21.11.2024 05:23:18

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

  • EPSS 59.17%
  • Published 19.11.2020 01:15:12
  • Last modified 21.11.2024 05:38:38

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number...

Exploit
  • EPSS 0.86%
  • Published 17.11.2020 13:15:12
  • Last modified 21.11.2024 05:37:46

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

  • EPSS 0.04%
  • Published 21.10.2020 15:15:20
  • Last modified 27.05.2025 16:40:04

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol...

  • EPSS 1.32%
  • Published 15.07.2020 18:15:35
  • Last modified 21.11.2024 05:03:58

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via ...

Exploit
  • EPSS 1.03%
  • Published 08.06.2020 14:15:13
  • Last modified 21.11.2024 05:38:26

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

  • EPSS 0.68%
  • Published 03.06.2020 23:15:11
  • Last modified 21.11.2024 04:56:44

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e...

  • EPSS 0.3%
  • Published 15.04.2020 14:15:34
  • Last modified 21.11.2024 05:26:35

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via...