Oracle Jdk vulnerabilities
778 known vulnerabilities affecting oracle/jdk.
Total CVEs
778
CISA KEV
8
actively exploited
Public exploits
25
Exploited in wild
10
Severity breakdown
CRITICAL196HIGH119MEDIUM343LOW118
Vulnerabilities
Page 15 of 39
CVE-2017-10114HIGHCVSS 8.3v1.7.0v1.8.02017-08-08
CVE-2017-10114 [HIGH] CVE-2017-10114: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacke
nvd
CVE-2017-10125HIGHCVSS 7.1v1.7.0v1.8.02017-08-08
CVE-2017-10125 [HIGH] CVE-2017-10125: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versi
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerab
nvd
CVE-2017-10067HIGHCVSS 7.5v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10067 [HIGH] CVE-2017-10067: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported version
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than t
nvd
CVE-2017-10105MEDIUMCVSS 4.3v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10105 [MEDIUM] CVE-2017-10105: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versi
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than
nvd
CVE-2017-10108MEDIUMCVSS 5.3v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10108 [MEDIUM] CVE-2017-10108: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java
nvd
CVE-2017-10198MEDIUMCVSS 6.8v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10198 [MEDIUM] CVE-2017-10198: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE
nvd
CVE-2017-10243MEDIUMCVSS 6.5v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10243 [MEDIUM] CVE-2017-10243: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Ja
nvd
CVE-2017-10109MEDIUMCVSS 5.3v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10109 [MEDIUM] CVE-2017-10109: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java
nvd
CVE-2017-10135MEDIUMCVSS 5.9v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10135 [MEDIUM] CVE-2017-10135: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Jav
nvd
CVE-2017-10053MEDIUMCVSS 5.3v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10053 [MEDIUM] CVE-2017-10053: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java S
nvd
CVE-2017-10081MEDIUMCVSS 4.3v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10081 [MEDIUM] CVE-2017-10081: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful a
nvd
CVE-2017-10193LOWCVSS 3.1v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10193 [LOW] CVE-2017-10193: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2016-9841CRITICALCVSS 9.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9841 [CRITICAL] CVE-2016-9841: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by levera
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2016-9843CRITICALCVSS 9.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9843 [CRITICAL] CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unsp
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
nvd
CVE-2016-9842HIGHCVSS 8.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9842 [HIGH] CWE-1335 CVE-2016-9842: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
nvd
CVE-2016-9840HIGHCVSS 8.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9840 [HIGH] CVE-2016-9840: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by lever
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2017-3512HIGHCVSS 8.3v1.7.0v1.8.02017-04-24
CVE-2017-3512 [HIGH] CVE-2017-3512: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions tha
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker an
nvd
CVE-2017-3514HIGHCVSS 8.3v1.6v1.7+1 more2017-04-24
CVE-2017-3514 [HIGH] CVE-2017-3514: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions tha
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the atta
nvd
CVE-2017-3511HIGHCVSS 7.7v1.6v1.7+1 more2017-04-24
CVE-2017-3511 [HIGH] CVE-2017-3511: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit execut
nvd
CVE-2017-3526MEDIUMCVSS 5.9v1.6v1.7+1 more2017-04-24
CVE-2017-3526 [MEDIUM] CVE-2017-3526: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java
nvd