Oracle JRE vulnerabilities

790 known vulnerabilities affecting oracle/jre.

Total CVEs: 790
CISA KEV: 14 (actively exploited)
Public exploits: 32
Exploited in wild: 16
Severity breakdown: CRITICAL 205, HIGH 119, MEDIUM 346, LOW 118

Vulnerabilities

CVE-2013-0431 | MEDIUM | CVSS 5.3 | KEV | PoC | v1.7.0 | 2013-01-31
CVE-2013-0431 [MEDIUM] CWE-693: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
nvd
CVE-2013-1490 | MEDIUM | CVSS 4.3 | v1.7.0 | 2013-01-31
CVE-2013-1490 [MEDIUM]: Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknow
nvd
CVE-2012-3174 | CRITICAL | CVSS 10.0 | v1.7.0 | 2013-01-14
CVE-2012-3174 [CRITICAL] CWE-264: Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part
nvd
CVE-2013-0422 | CRITICAL | CVSS 9.8 | KEV | PoC | v1.7.0 | 2013-01-10
CVE-2013-0422 [CRITICAL]: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with r
nvd
CVE-2012-2739 | MEDIUM | CVSS 5.0 | ≤ 1.7.0 | v1.7.0 | 2012-11-28
CVE-2012-2739 [MEDIUM] CWE-310: Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
nvd
CVE-2012-5373 | MEDIUM | CVSS 5.0 | ≤ 1.7.0 | 2012-11-28
CVE-2012-5373 [MEDIUM]: Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision att
nvd
CVE-2012-1532 | CRITICAL | CVSS 10.0 | ≤ 1.7.0 | v1.7.0 +2 more | 2012-10-16
CVE-2012-1532 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
nvd
CVE-2012-5088 | CRITICAL | CVSS 10.0 | PoC | ≤ 1.7.0 | v1.7.0 | 2012-10-16
CVE-2012-5088 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
nvd
CVE-2012-1533 | CRITICAL | CVSS 10.0 | PoC | ≤ 1.7.0 | v1.7.0 +2 more | 2012-10-16
CVE-2012-1533 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.
nvd
CVE-2012-5076 | CRITICAL | CVSS 9.8 | KEV | PoC | v1.7.0 | 2012-10-16
CVE-2012-5076 [CRITICAL] CWE-284: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
nvd
CVE-2012-5083 | CRITICAL | CVSS 10.0 | ≤ 1.7.0 | v1.7.0 +4 more | 2012-10-16
CVE-2012-5083 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
nvd
CVE-2012-5086 | CRITICAL | CVSS 10.0 | ≤ 1.7.0 | v1.7.0 +2 more | 2012-10-16
CVE-2012-5086 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
nvd
CVE-2012-5087 | CRITICAL | CVSS 10.0 | ≤ 1.7.0 | v1.7.0 | 2012-10-16
CVE-2012-5087 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
nvd
CVE-2012-3143 | CRITICAL | CVSS 10.0 | ≤ 1.7.0 | v1.7.0 +3 more | 2012-10-16
CVE-2012-3143 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089.
nvd
CVE-2012-1531 | CRITICAL | CVSS 10.0 | ≤ 1.7.0 | v1.7.0 +4 more | 2012-10-16
CVE-2012-1531 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
nvd
CVE-2012-3159 | HIGH | CVSS 7.5 | ≤ 1.7.0 | v1.7.0 +2 more | 2012-10-16
CVE-2012-3159 [HIGH]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533.
nvd
CVE-2012-5084 | HIGH | CVSS 7.6 | ≤ 1.7.0 | v1.7.0 +4 more | 2012-10-16
CVE-2012-5084 [HIGH]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
nvd
CVE-2012-5089 | HIGH | CVSS 7.6 | ≤ 1.7.0 | v1.7.0 +4 more | 2012-10-16
CVE-2012-5089 [HIGH]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143.
nvd
CVE-2012-5068 | HIGH | CVSS 7.5 | ≤ 1.7.0 | v1.7.0 +2 more | 2012-10-16
CVE-2012-5068 [HIGH]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
nvd
CVE-2012-5073 | MEDIUM | CVSS 5.0 | ≤ 1.7.0 | v1.7.0 +4 more | 2012-10-16
CVE-2012-5073 [MEDIUM]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079.
nvd