Oracle GraalVM 19.3.2 Enterprise Edition

CPE Details

Oracle GraalVM 19.3.2 Enterprise Edition
19.3.2
2020-04-16
16h02 +00:00
2020-04-16
16h02 +00:00

CPE Name: cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise:*:*:*

Information

Vendor

oracle

Product

graalvm

Version

19.3.2

Software Edition

enterprise

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2020-14718 | 2020-07-15 15h34 +00:00 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 7.2 | High |
| CVE-2020-8172 | 2020-06-08 11h08 +00:00 | TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | 7.4 | High |
| CVE-2020-11080 | 2020-06-02 22h00 +00:00 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | 7.5 | High |
| CVE-2019-17561 | 2020-03-30 16h44 +00:00 | The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. | 7.5 | High |
| CVE-2019-17560 | 2020-03-30 16h39 +00:00 | The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. | 9.1 | Critical |