Oracle Jdk vulnerabilities

778 known vulnerabilities affecting oracle/jdk.

Total CVEs

778

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL196HIGH119MEDIUM343LOW118

Vulnerabilities

Page 27 of 39

CVE-2014-0417CRITICALCVSS 9.3v1.5.0v1.6.02014-01-15

CVE-2014-0417 [CRITICAL] CVE-2014-0417: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embed Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

nvd

CVE-2013-5889CRITICALCVSS 9.3v1.6.02014-01-15

CVE-2013-5889 [CRITICAL] CVE-2013-5889: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.

nvd

CVE-2014-0410CRITICALCVSS 10.0v1.6.02014-01-15

CVE-2014-0410 [CRITICAL] CVE-2014-0410: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.

nvd

CVE-2014-0422CRITICALCVSS 10.0v1.5.0v1.6.02014-01-15

CVE-2014-0422 [CRITICAL] CVE-2014-0422: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing p

nvd

CVE-2014-0424HIGHCVSS 7.5v1.6.02014-01-15

CVE-2014-0424 [HIGH] CVE-2014-0424: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418.

nvd

CVE-2013-5878HIGHCVSS 7.5v1.6.02014-01-15

CVE-2013-5878 [HIGH] CVE-2013-5878: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allo Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not pr

nvd

CVE-2014-0387HIGHCVSS 7.6v1.6.02014-01-15

CVE-2014-0387 [HIGH] CVE-2014-0387: Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows r Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

nvd

CVE-2014-0373HIGHCVSS 7.5v1.5.0v1.6.02014-01-15

CVE-2014-0373 [HIGH] CVE-2014-0373: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote att Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an in

nvd

CVE-2014-0411MEDIUMCVSS 4.0v1.5.0v1.6.02014-01-15

CVE-2014-0411 [MEDIUM] CVE-2014-0411: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Jav Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows rem

nvd

CVE-2013-5905MEDIUMCVSS 5.1v1.5.0v1.6.0+1 more2014-01-15

CVE-2013-5905 [MEDIUM] CVE-2013-5905: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5906.

nvd

CVE-2014-0368MEDIUMCVSS 5.0v1.5.0v1.6.0+1 more2014-01-15

CVE-2014-0368 [MEDIUM] CVE-2014-0368: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allow Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when lis

nvd

CVE-2013-5898MEDIUMCVSS 4.0v1.7.0v1.6.02014-01-15

CVE-2013-5898 [MEDIUM] CVE-2013-5898: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.

nvd

CVE-2013-5887MEDIUMCVSS 5.0v1.6.02014-01-15

CVE-2013-5887 [MEDIUM] CVE-2013-5887: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availabi Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment.

nvd

CVE-2013-5902MEDIUMCVSS 5.1v1.7.0v1.6.02014-01-15

CVE-2013-5902 [MEDIUM] CVE-2013-5902: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.

nvd

CVE-2013-5888MEDIUMCVSS 4.6v1.6.02014-01-15

CVE-2013-5888 [MEDIUM] CVE-2013-5888: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local use Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

nvd

CVE-2013-5896MEDIUMCVSS 5.0v1.7.0v1.6.0+1 more2014-01-15

CVE-2013-5896 [MEDIUM] CVE-2013-5896: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the rest

nvd

CVE-2014-0376MEDIUMCVSS 5.0v1.7.0v1.6.0+1 more2014-01-15

CVE-2014-0376 [MEDIUM] CVE-2014-0376: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when c

nvd

CVE-2014-0403MEDIUMCVSS 5.8v1.6.02014-01-15

CVE-2014-0403 [MEDIUM] CVE-2014-0403: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375.

nvd

CVE-2013-5910MEDIUMCVSS 5.0v1.6.0v1.7.02014-01-15

CVE-2013-5910 [MEDIUM] CVE-2013-5910: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allo Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted co

nvd

CVE-2014-0416MEDIUMCVSS 5.0v1.6.0v1.5.02014-01-15

CVE-2014-0416 [MEDIUM] CVE-2014-0416: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class,

nvd

← Previous27 / 39Next →