Oracle JRE vulnerabilities

790 known vulnerabilities affecting oracle/jre.

Total CVEs: 790
CISA KEV: 14 (actively exploited)
Public exploits: 32
Exploited in wild: 16
Severity breakdown: CRITICAL 205, HIGH 119, MEDIUM 346, LOW 118

Vulnerabilities

Page 40 of 40
CVE-2012-0502 | MEDIUM | CVSS 6.4 | ≤ 1.6.0 | v1.6.0 | +2 more | 2012-02-15
CVE-2012-0502 [MEDIUM]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
nvd
CVE-2012-0506 | MEDIUM | CVSS 4.3 | ≤ 1.6.0 | v1.6.0 | +2 more | 2012-02-15
CVE-2012-0506 [MEDIUM]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
nvd
CVE-2012-0501 | MEDIUM | CVSS 5.0 | ≤ 1.6.0 | v1.6.0 | +2 more | 2012-02-15
CVE-2012-0501 [MEDIUM]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
nvd
CVE-2011-3544 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 1.6.0 | v1.6.0 | +1 more | 2011-10-19
CVE-2011-3544 [CRITICAL] CWE-284: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
nvd
CVE-2011-3547 | MEDIUM | CVSS 5.0 | ≤ 1.6.0 | v1.6.0 | +1 more | 2011-10-19
CVE-2011-3547 [MEDIUM]: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
nvd
CVE-2011-3546 | MEDIUM | CVSS 5.8 | v1.7.0 | ≤ 1.6.0 | +1 more | 2011-10-19
CVE-2011-3546 [MEDIUM]: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
nvd
CVE-2011-3561 | LOW | CVSS 1.8 | ≤ 1.6.0 | v1.6.0 | 2011-10-19
CVE-2011-3561 [LOW]: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
nvd
CVE-2010-1423 | CRITICAL | CVSS 9.3 | PoC | ≤ 1.6.0 | v1.6.0 | 2010-04-15
CVE-2010-1423 [CRITICAL] CWE-78: Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE
nvd
CVE-2010-0840 | CRITICAL | CVSS 9.8 | KEV | PoC | v1.4.2_25 | v1.5.0 | +1 more | 2010-04-01
CVE-2010-0840 [CRITICAL]: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a
nvd
CVE-2003-1229 | HIGH | CVSS 7.5 | ≥ 1.3.0, ≤ 1.4.1 | 2003-12-31
CVE-2003-1229 [HIGH] CWE-295: X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allo
nvd