Oracle Jdk vulnerabilities
778 known vulnerabilities affecting oracle/jdk.
Total CVEs
778
CISA KEV
8
actively exploited
Public exploits
23
Exploited in wild
10
Severity breakdown
CRITICAL196HIGH119MEDIUM343LOW118
Vulnerabilities
Page 13 of 39
CVE-2018-2663MEDIUMCVSS 4.3v1.6.0v1.7.0+2 more2018-01-18
CVE-2018-2663 [MEDIUM] CVE-2018-2663: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Jav
nvd
CVE-2018-2618MEDIUMCVSS 5.9v1.6.0v1.7.0+2 more2018-01-18
CVE-2018-2618 [MEDIUM] CVE-2018-2618: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE
nvd
CVE-2018-2677MEDIUMCVSS 4.3v1.6.0v1.7.0+2 more2018-01-18
CVE-2018-2677 [MEDIUM] CVE-2018-2677: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supp
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2018-2634MEDIUMCVSS 6.8v1.7.0v1.8.0+1 more2018-01-18
CVE-2018-2634 [MEDIUM] CVE-2018-2634: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Sup
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vuln
nvd
CVE-2018-2629MEDIUMCVSS 5.3v1.6.0v1.7.0+2 more2018-01-18
CVE-2018-2629 [MEDIUM] CVE-2018-2629: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java S
nvd
CVE-2018-2582MEDIUMCVSS 6.5v1.8.0v9.0.12018-01-18
CVE-2018-2582 [MEDIUM] CVE-2018-2582: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks re
nvd
CVE-2018-2579LOWCVSS 3.7v1.6.0v1.7.0+2 more2018-01-18
CVE-2018-2579 [LOW] CVE-2018-2579: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java
nvd
CVE-2013-4578MEDIUMCVSS 5.3v1.7.0≤ 1.7.02017-12-29
CVE-2013-4578 [MEDIUM] CWE-74 CVE-2013-4578: jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
nvd
CVE-2017-10346CRITICALCVSS 9.6v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10346 [CRITICAL] CVE-2017-10346: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Success
nvd
CVE-2017-10285CRITICALCVSS 9.6v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10285 [CRITICAL] CVE-2017-10285: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supp
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2017-10388HIGHCVSS 7.5v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10388 [HIGH] CVE-2017-10388: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attac
nvd
CVE-2017-10309HIGHCVSS 7.1PoCv1.8.0v1.9.02017-10-19
CVE-2017-10309 [HIGH] CVE-2017-10309: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versi
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker
nvd
CVE-2017-10357MEDIUMCVSS 5.3v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10357 [MEDIUM] CVE-2017-10357: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serializat
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su
nvd
CVE-2017-10350MEDIUMCVSS 5.3v1.7.0v1.8.0+1 more2017-10-19
CVE-2017-10350 [MEDIUM] CVE-2017-10350: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). S
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attac
nvd
CVE-2017-10349MEDIUMCVSS 5.3v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10349 [MEDIUM] CVE-2017-10349: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Sup
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2017-10281MEDIUMCVSS 5.3v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10281 [MEDIUM] CVE-2017-10281: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise J
nvd
CVE-2017-10293MEDIUMCVSS 6.1v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10293 [MEDIUM] CVE-2017-10293: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker
nvd
CVE-2017-10274MEDIUMCVSS 6.8v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10274 [MEDIUM] CVE-2017-10274: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported ve
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person ot
nvd
CVE-2017-10355MEDIUMCVSS 5.3PoCv1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10355 [MEDIUM] CVE-2017-10355: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: N
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java
nvd
CVE-2017-10295MEDIUMCVSS 4.0v1.6.0v1.7.0+2 more2017-10-19
CVE-2017-10295 [MEDIUM] CVE-2017-10295: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: N
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE
nvd