Oracle Jre vulnerabilities
790 known vulnerabilities affecting oracle/jre.
Total CVEs
790
CISA KEV
14
actively exploited
Public exploits
32
Exploited in wild
16
Severity breakdown
CRITICAL205HIGH119MEDIUM346LOW118
Vulnerabilities
Page 34 of 40
CVE-2013-1564MEDIUMCVSS 5.0≤ 1.7.0v1.7.02013-04-17
CVE-2013-1564 [MEDIUM] CVE-2013-1564: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
nvd
CVE-2013-2424MEDIUMCVSS 5.0≤ 1.5.0v1.5.0+4 more2013-04-17
CVE-2013-2424 [MEDIUM] CVE-2013-2424: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on cl
nvd
CVE-2013-2419MEDIUMCVSS 5.0PoC≤ 1.7.0v1.7.0+4 more2013-04-17
CVE-2013-2419 [MEDIUM] CVE-2013-2419: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented o
nvd
CVE-2013-2438MEDIUMCVSS 5.0≤ 1.7.0v1.7.02013-04-17
CVE-2013-2438 [MEDIUM] CVE-2013-2438: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
nvd
CVE-2013-2418MEDIUMCVSS 4.6≤ 1.7.0v1.7.0+2 more2013-04-17
CVE-2013-2418 [MEDIUM] CVE-2013-2418: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
nvd
CVE-2013-2417MEDIUMCVSS 5.0≤ 1.7.0v1.7.0+4 more2013-04-17
CVE-2013-2417 [MEDIUM] CVE-2013-2417: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not com
nvd
CVE-2013-2439MEDIUMCVSS 6.9≤ 1.7.0v1.7.0+4 more2013-04-17
CVE-2013-2439 [MEDIUM] CVE-2013-2439: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.
nvd
CVE-2013-1561MEDIUMCVSS 5.0≤ 1.7.0v1.7.02013-04-17
CVE-2013-1561 [MEDIUM] CVE-2013-1561: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.
nvd
CVE-2013-2416MEDIUMCVSS 4.3PoC≤ 1.7.0v1.7.02013-04-17
CVE-2013-2416 [MEDIUM] CVE-2013-2416: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
nvd
CVE-2013-2433MEDIUMCVSS 4.3≤ 1.7.0v1.7.0+2 more2013-04-17
CVE-2013-2433 [MEDIUM] CVE-2013-2433: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
nvd
CVE-2013-2415LOWCVSS 2.1≤ 1.7.0v1.7.02013-04-17
CVE-2013-2415 [LOW] CVE-2013-2415: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "proce
nvd
CVE-2013-2423LOWCVSS 3.7KEVPoCv1.7.02013-04-17
CVE-2013-2423 [LOW] CWE-284 CVE-2013-2423: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnera
nvd
CVE-2013-0401CRITICALCVSS 10.0v1.7.02013-03-08
CVE-2013-0401 [CRITICAL] CWE-94 CVE-2013-0401: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information
nvd
CVE-2013-1488CRITICALCVSS 10.0PoCv1.7.02013-03-08
CVE-2013-1488 [CRITICAL] CWE-94 CVE-2013-1488: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
nvd
CVE-2013-0402CRITICALCVSS 10.0v1.7.02013-03-08
CVE-2013-0402 [CRITICAL] CWE-119 CVE-2013-0402: Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat
Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
nvd
CVE-2013-1491CRITICALCVSS 10.0v1.7.02013-03-08
CVE-2013-1491 [CRITICAL] CWE-94 CVE-2013-1491: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
nvd
CVE-2013-0809CRITICALCVSS 10.0≤ 1.6.0v1.6.0+4 more2013-03-05
CVE-2013-0809 [CRITICAL] CVE-2013-0809: Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Ora
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
nvd
CVE-2013-1493CRITICALCVSS 10.0ExploitedPoC≤ 1.7.0v1.7.0+4 more2013-03-05
CVE-2013-1493 [CRITICAL] CWE-119 CVE-2013-1493: The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earli
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corru
nvd
CVE-2013-1487CRITICALCVSS 10.0v1.7.0v1.6.02013-02-20
CVE-2013-1487 [CRITICAL] CVE-2013-1487: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 an
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
nvd
CVE-2013-1486CRITICALCVSS 10.0v1.7.0v1.6.0+1 more2013-02-20
CVE-2013-1486 [CRITICAL] CVE-2013-1486: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
nvd