Oracle

GraalVM

188 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.96%
  • Published 16.02.2021 17:15:13
  • Last modified 21.11.2024 05:51:55

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...

Exploit
  • EPSS 0.76%
  • Published 06.01.2021 21:15:14
  • Last modified 21.11.2024 05:38:37

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap ...

Exploit
  • EPSS 11.87%
  • Published 06.01.2021 21:15:14
  • Last modified 21.11.2024 05:38:39

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This c...

  • EPSS 0.35%
  • Published 08.12.2020 16:15:11
  • Last modified 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

  • EPSS 0.05%
  • Published 24.11.2020 18:15:12
  • Last modified 21.11.2024 05:23:18

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

  • EPSS 59.17%
  • Published 19.11.2020 01:15:12
  • Last modified 21.11.2024 05:38:38

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number...

Exploit
  • EPSS 0.47%
  • Published 17.11.2020 13:15:12
  • Last modified 21.11.2024 05:37:46

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

  • EPSS 0.04%
  • Published 21.10.2020 15:15:20
  • Last modified 27.05.2025 16:40:04

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol...

  • EPSS 1.32%
  • Published 15.07.2020 18:15:35
  • Last modified 21.11.2024 05:03:58

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via ...

Exploit
  • EPSS 1.18%
  • Published 08.06.2020 14:15:13
  • Last modified 21.11.2024 05:38:26

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.