Oracle Jdk vulnerabilities
778 known vulnerabilities affecting oracle/jdk.
Total CVEs
778
CISA KEV
8
actively exploited
Public exploits
25
Exploited in wild
10
Severity breakdown
CRITICAL196HIGH119MEDIUM343LOW118
Vulnerabilities
Page 37 of 39
CVE-2013-1489CRITICALCVSS 10.0v1.7.02013-01-31
CVE-2013-1489 [CRITICAL] CVE-2013-1489: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unk
nvd
CVE-2013-1490MEDIUMCVSS 4.3v1.7.02013-01-31
CVE-2013-1490 [MEDIUM] CVE-2013-1490: Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remo
Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknow
nvd
CVE-2012-3174CRITICALCVSS 10.0v1.7.02013-01-14
CVE-2012-3174 [CRITICAL] CWE-264 CVE-2012-3174: Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confid
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part
nvd
CVE-2013-0422CRITICALCVSS 9.8KEVPoCv1.7.02013-01-10
CVE-2013-0422 [CRITICAL] CVE-2013-0422: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitra
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with r
nvd
CVE-2012-2739MEDIUMCVSS 5.0≤ 1.7.0v1.7.02012-11-28
CVE-2012-2739 [MEDIUM] CWE-310 CVE-2012-2739: Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
nvd
CVE-2012-5373MEDIUMCVSS 5.0≤ 1.7.02012-11-28
CVE-2012-5373 [MEDIUM] CVE-2012-5373: Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restr
Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision att
nvd
CVE-2012-1532CRITICALCVSS 10.0≤ 1.7.0v1.7.0+2 more2012-10-16
CVE-2012-1532 [CRITICAL] CVE-2012-1532: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
nvd
CVE-2012-5088CRITICALCVSS 10.0PoC≤ 1.7.0v1.7.02012-10-16
CVE-2012-5088 [CRITICAL] CVE-2012-5088: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
nvd
CVE-2012-1533CRITICALCVSS 10.0PoC≤ 1.7.0v1.7.0+2 more2012-10-16
CVE-2012-1533 [CRITICAL] CVE-2012-1533: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.
nvd
CVE-2012-5083CRITICALCVSS 10.0≤ 1.7.0v1.7.0+4 more2012-10-16
CVE-2012-5083 [CRITICAL] CVE-2012-5083: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
nvd
CVE-2012-5086CRITICALCVSS 10.0≤ 1.7.0v1.7.0+2 more2012-10-16
CVE-2012-5086 [CRITICAL] CVE-2012-5086: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
nvd
CVE-2012-5087CRITICALCVSS 10.0≤ 1.7.0v1.7.02012-10-16
CVE-2012-5087 [CRITICAL] CVE-2012-5087: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
nvd
CVE-2012-3143CRITICALCVSS 10.0≤ 1.7.0v1.7.0+3 more2012-10-16
CVE-2012-3143 [CRITICAL] CVE-2012-3143: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089.
nvd
CVE-2012-1531CRITICALCVSS 10.0≤ 1.7.0v1.7.0+4 more2012-10-16
CVE-2012-1531 [CRITICAL] CVE-2012-1531: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
nvd
CVE-2012-3159HIGHCVSS 7.5≤ 1.7.0v1.7.0+2 more2012-10-16
CVE-2012-3159 [HIGH] CVE-2012-3159: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533.
nvd
CVE-2012-5084HIGHCVSS 7.6≤ 1.7.0v1.7.0+4 more2012-10-16
CVE-2012-5084 [HIGH] CVE-2012-5084: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
nvd
CVE-2012-5089HIGHCVSS 7.6≤ 1.7.0v1.7.0+4 more2012-10-16
CVE-2012-5089 [HIGH] CVE-2012-5089: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143.
nvd
CVE-2012-5068HIGHCVSS 7.5≤ 1.7.0v1.7.0+2 more2012-10-16
CVE-2012-5068 [HIGH] CVE-2012-5068: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
nvd
CVE-2012-5073MEDIUMCVSS 5.0≤ 1.7.0v1.7.0+4 more2012-10-16
CVE-2012-5073 [MEDIUM] CVE-2012-5073: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079.
nvd
CVE-2012-4416MEDIUMCVSS 6.4≤ 1.7.0v1.7.0+2 more2012-10-16
CVE-2012-4416 [MEDIUM] CVE-2012-4416: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
nvd