Graalvm@20.3.1.2 Security Vulnerabilities and Issues — Graalvm@20.3.1.2 CVE List

Lucene search

OracleGraalvm20.3.1.2

10 matches found

CVE•added 2021/02/16 5:15 p.m.•1913 views

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

5.9CVSS7AI score0.0065EPSS

CVE•added 2021/04/22 10:15 p.m.•774 views

CVE-2021-2163

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2....

5.3CVSS4.8AI score0.00109EPSS

CVE•added 2021/03/25 3:15 p.m.•750 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.11133EPSS

CVE•added 2021/02/16 5:15 p.m.•719 views

CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating succ...

7.5CVSS8AI score0.00891EPSS

CVE•added 2021/03/25 3:15 p.m.•518 views

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.6AI score0.00547EPSS

CVE•added 2020/11/17 1:15 p.m.•353 views

CVE-2020-7774

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

9.8CVSS8.5AI score0.00676EPSS

CVE•added 2021/04/22 10:15 p.m.•350 views

CVE-2021-2161

5.9CVSS5.3AI score0.00325EPSS

CVE•added 2021/03/03 6:15 p.m.•308 views

CVE-2021-22884

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS ...

7.5CVSS7.5AI score0.01088EPSS

CVE•added 2021/03/03 6:15 p.m.•304 views

CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable ...

7.8CVSS7.4AI score0.87361EPSS

CVE•added 2021/02/16 5:15 p.m.•228 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than...

4.3CVSS5.5AI score0.00257EPSS