Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Graalvm
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 138 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-24 | CVE-2021-44531 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a... | Node\.js, Graalvm, Mysql_cluster, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools | 7.4 | ||
| 2022-01-19 | CVE-2022-21349 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause... | Debian_linux, 7\-Mode_transition_tool, Cloud_insights, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Jdk, Jre, Openjdk | 5.3 | ||
| 2021-07-21 | CVE-2021-2388 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker.... | Debian_linux, Graalvm, Jdk | 7.5 | ||
| 2020-01-15 | CVE-2020-2595 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in... | Graalvm | 5.8 | ||
| 2021-08-03 | CVE-2021-32803 | The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are... | Graalvm, Sinec_infrastructure_network_services, Tar | 8.1 | ||
| 2021-03-12 | CVE-2021-27290 | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. | Graalvm, Sinec_infrastructure_network_services, Ssri | 7.5 | ||
| 2019-10-16 | CVE-2019-2989 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this... | E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Oncommand_workflow_automation, Snapmanager, Graalvm, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.8 | ||
| 2020-06-08 | CVE-2020-8172 | TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | Node\.js, Banking_extensibility_workbench, Blockchain_platform, Graalvm, Mysql_cluster | 7.4 | ||
| 2020-01-15 | CVE-2020-2581 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle... | Graalvm | 4.0 | ||
| 2020-03-30 | CVE-2019-17561 | The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. | Netbeans, Graalvm | 7.5 |