Graalvm@21.2.0 Security Vulnerabilities and Issues — Graalvm@21.2.0 CVE List

Lucene search

OracleGraalvm21.2.0

22 matches found

CVE•added 2021/08/16 7:15 p.m.•404 views

CVE-2021-22931

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection v...

9.8CVSS9.9AI score0.00738EPSS

CVE•added 2021/10/20 11:16 a.m.•345 views

CVE-2021-35550

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attac...

7.1CVSS5.8AI score0.00089EPSS

CVE•added 2021/08/03 7:15 p.m.•333 views

CVE-2021-32803

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

8.2CVSS7.6AI score0.00208EPSS

CVE•added 2021/10/20 11:16 a.m.•332 views

CVE-2021-35588

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker wi...

3.1CVSS4.2AI score0.00087EPSS

CVE•added 2021/10/20 11:16 a.m.•326 views

CVE-2021-35578

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker w...

5.3CVSS5.1AI score0.00109EPSS

CVE•added 2021/10/20 11:16 a.m.•320 views

CVE-2021-35561

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated ...

5.3CVSS5.1AI score0.00134EPSS

CVE•added 2021/10/20 11:16 a.m.•315 views

CVE-2021-35556

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated at...

5.3CVSS5AI score0.00104EPSS

CVE•added 2021/03/12 10:15 p.m.•311 views

CVE-2021-27290

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

7.5CVSS8.2AI score0.02665EPSS

CVE•added 2021/10/20 11:17 a.m.•308 views

CVE-2021-35603

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated a...

4.3CVSS4.2AI score0.00104EPSS

CVE•added 2021/10/20 11:16 a.m.•304 views

CVE-2021-35567

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attack...

6.8CVSS6.6AI score0.00168EPSS

CVE•added 2021/08/31 5:15 p.m.•301 views

CVE-2021-37712

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

8.6CVSS7.5AI score0.00023EPSS

CVE•added 2021/10/20 11:16 a.m.•298 views

CVE-2021-35564

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated ...

5.3CVSS5AI score0.00081EPSS

CVE•added 2021/08/03 7:15 p.m.•296 views

CVE-2021-32804

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when th...

8.2CVSS7.6AI score0.87249EPSS

CVE•added 2021/10/20 11:16 a.m.•293 views

CVE-2021-35559

5.3CVSS5AI score0.00089EPSS

CVE•added 2021/10/20 11:16 a.m.•292 views

CVE-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated ...

5.3CVSS5.1AI score0.00127EPSS

CVE•added 2021/08/16 7:15 p.m.•289 views

CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

5.3CVSS7.4AI score0.00138EPSS

CVE•added 2021/10/20 11:16 a.m.•287 views

CVE-2021-35565

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

5.3CVSS5AI score0.00116EPSS

CVE•added 2021/08/16 7:15 p.m.•284 views

CVE-2021-22940

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

7.5CVSS8.4AI score0.00349EPSS

CVE•added 2021/08/31 5:15 p.m.•273 views

CVE-2021-37701

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...

8.6CVSS7.5AI score0.00021EPSS

CVE•added 2021/08/31 5:15 p.m.•167 views

CVE-2021-37713

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

8.6CVSS7.3AI score0.00938EPSS

CVE•added 2021/08/31 5:15 p.m.•142 views

CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder....

8.2CVSS6.5AI score0.01288EPSS

CVE•added 2021/08/31 5:15 p.m.•142 views

CVE-2021-39135

8.2CVSS6.7AI score0.00211EPSS