Oracle Jre vulnerabilities
790 known vulnerabilities affecting oracle/jre.
Total CVEs
790
CISA KEV
14
actively exploited
Public exploits
32
Exploited in wild
16
Severity breakdown
CRITICAL205HIGH119MEDIUM346LOW118
Vulnerabilities
Page 15 of 40
CVE-2017-10081MEDIUMCVSS 4.3v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10081 [MEDIUM] CVE-2017-10081: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful a
nvd
CVE-2017-10193LOWCVSS 3.1v1.6.0v1.7.0+1 more2017-08-08
CVE-2017-10193 [LOW] CVE-2017-10193: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2016-9841CRITICALCVSS 9.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9841 [CRITICAL] CVE-2016-9841: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by levera
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2016-9843CRITICALCVSS 9.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9843 [CRITICAL] CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unsp
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
nvd
CVE-2016-9842HIGHCVSS 8.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9842 [HIGH] CWE-1335 CVE-2016-9842: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
nvd
CVE-2016-9840HIGHCVSS 8.8v1.6.0v1.7.0+1 more2017-05-23
CVE-2016-9840 [HIGH] CVE-2016-9840: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by lever
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2017-3512HIGHCVSS 8.3v1.7.0v1.8.02017-04-24
CVE-2017-3512 [HIGH] CVE-2017-3512: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions tha
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker an
nvd
CVE-2017-3514HIGHCVSS 8.3v1.6v1.7+1 more2017-04-24
CVE-2017-3514 [HIGH] CVE-2017-3514: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions tha
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the atta
nvd
CVE-2017-3511HIGHCVSS 7.7v1.6v1.7+1 more2017-04-24
CVE-2017-3511 [HIGH] CVE-2017-3511: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit execut
nvd
CVE-2017-3526MEDIUMCVSS 5.9v1.6v1.7+1 more2017-04-24
CVE-2017-3526 [MEDIUM] CVE-2017-3526: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java
nvd
CVE-2017-3509MEDIUMCVSS 4.2v1.6v1.7+1 more2017-04-24
CVE-2017-3509 [MEDIUM] CVE-2017-3509: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successf
nvd
CVE-2017-3539LOWCVSS 3.1v1.6.0v1.7.0+1 more2017-04-24
CVE-2017-3539 [LOW] CVE-2017-3539: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful at
nvd
CVE-2017-3533LOWCVSS 3.7v1.6.0v1.7.0+1 more2017-04-24
CVE-2017-3533 [LOW] CVE-2017-3533: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: N
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded
nvd
CVE-2017-3544LOWCVSS 3.7v1.6.0v1.7.0+1 more2017-04-24
CVE-2017-3544 [LOW] CVE-2017-3544: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: N
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedde
nvd
CVE-2017-3289CRITICALCVSS 9.6v1.7v1.82017-01-27
CVE-2017-3289 [CRITICAL] CVE-2017-3289: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2017-3272CRITICALCVSS 9.6v1.6v1.7+1 more2017-01-27
CVE-2017-3272 [CRITICAL] CVE-2017-3272: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu
nvd
CVE-2017-3241CRITICALCVSS 9.0PoCv1.6v1.7+1 more2017-01-27
CVE-2017-3241 [CRITICAL] CWE-20 CVE-2017-3241: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: R
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java
nvd
CVE-2017-3260HIGHCVSS 8.3v1.7v1.82017-01-27
CVE-2017-3260 [HIGH] CVE-2017-3260: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions tha
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker an
nvd
CVE-2017-3253HIGHCVSS 7.5v1.6v1.7+1 more2017-01-27
CVE-2017-3253 [HIGH] CVE-2017-3253: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Em
nvd
CVE-2016-5546HIGHCVSS 7.5v1.6v1.7+1 more2017-01-27
CVE-2016-5546 [HIGH] CVE-2016-5546: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Jav
nvd