787 matches found
CVE-2014-0429
CVE-2014-0429 is an unspecified vulnerability in the Java 2D component affecting Oracle Java SE 5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51. Impact is described as complete confidentiality, integrity, and availability violations via unknown vectors in the 2D comp...
CVE-2014-4263
CVE-2014-4263 is an unspecified security vulnerability with partial confidentiality and partial integrity impact (no availability impact) affecting IBM Java SDK/JRE components used in IBM SAN Volume Controller and Storwize family, among others. IBM’s remediation guidance consistently recommends u...
CVE-2014-0449
CVE-2014-0449 is an unspecified vulnerability in the Deployment component affecting Oracle Java SE 6u71, 7u51, 8, and Java SE Embedded 7u51. The issue could allow a remote attacker to affect confidentiality via unknown vectors. The IBM/Red Hat ecosystem references this CVE among several Java-rela...
CVE-2014-0448
CVE-2014-0448 affects Oracle Java SE 7u51 and Java 8 Deployment. The vulnerability is described as unspecified with attacks possible via Deployment vectors, impacting confidentiality, integrity, and availability. Connected sources (IBM bulletin entries) corroborate the CVE and reference remediati...
CVE-2014-0446
CVE-2014-0446 is an Oracle Java SE vulnerability described as unspecified, affecting Libraries in Java SE 5.0u61, 6u71, 7u51, 8 and Java SE Embedded 7u51. The IBM and related bulletins enumerate this CVE among a broader set of Java CPU fixes, with affected IBM SDK/JAVA editions and WebSphere/Info...
CVE-2023-22045
CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...
CVE-2023-22044
CVE-2023-22044 affects OpenJDK/OpenJDK-based runtimes (e.g., Debian openjdk-17, AlmaLinux java-17-openjdk) as part of the July 2023 Java updates. Connected advisories confirm it is among multiple OpenJDK vulnerabilities and are addressed by updates to OpenJDK 17 (e.g., 17.0.8) across distribution...
CVE-2022-21540
CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...
CVE-2022-21541
CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...
CVE-2012-4681
CVE-2012-4681 affects Oracle Java SE 7 (JRE) up to Update 6, and earlier; vulnerability chain bypasses SecurityManager via beans permission checks and restricted package access, using ClassFinder.findClass and reflection with a trusted immediate caller to reach private fields. Exploitation in the...
CVE-2011-3544
CVE-2011-3544 is a vulnerability in the Java scripting engine where untrusted code (e.g., applets) could elevate privileges due to missing security manager checks. Affected: Oracle Java SE/JDK/JRE 6 and 7 up to update 27 and earlier. Impact reported as remote arbitrary code execution/elevation of...
CVE-2022-21449
CVE-2022-21449 affects Oracle Java SE Libraries (Oracle Java SE 17.0.2, 18) and GraalVM Enterprise Edition (21.3.1, 22.0.0.2). It enables unauthenticated, network‑accessible attackers to compromise data integrity — potentially unauthorized creation, deletion or modification of data in affected Or...
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2012-1723
CVE-2012-1723 is described in Debian security advisory DSA-2507-1 as a set of OpenJDK/Java runtime vulnerabilities including validation errors in the HotSpot bytecode verifier that could allow sandbox bypass and remote code execution. The advisory lists CVE-2012-1723 among multiple related issues...
CVE-2015-2590
CVE-2015-2590 is an unspecified vulnerability affecting Oracle Java SE (6u95, 7u80, 8u45) and Java SE Embedded (7u75, 8u33) with impact to confidentiality, integrity, and availability via unknown vectors in the Libraries component. Public details in the initial description are limited; connected ...
CVE-2013-0422
CVE-2013-0422 affects Oracle Java 7 before Update 11, combining two issues: (1) JMX/MBean path via getMBeanInstantiator and findClass enabling private MBeanInstantiator reference retrieval, and (2) recursive use of Reflection API bypassing java.lang.invoke.MethodHandles.Lookup.checkSecurityManage...
CVE-2016-9843
CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...
CVE-2022-21549
CVE-2022-21549 affects Oracle Java SE Libraries with affected binaries: Oracle Java SE 17.0.3.1 and Oracle GraalVM Enterprise Edition 21.3.2 and 22.1.0. The entry notes network‑accessible exploitation by an unauthenticated attacker, potentially enabling unauthorized update/insert/delete of data i...
CVE-2015-4902
CVE-2015-4902 is an unspecified vulnerability in Oracle Java SE affecting Java 6u101, 7u85, and 8u60, with impact limited to integrity via unknown vectors related to Deployment. The Connected documents confirm the affected products and the vulnerability class, but do not provide concrete exploit ...
CVE-2021-2163
CVE-2021-2163 applies to Oracle/OpenJDK libraries across Java SE, Java SE Embedded and GraalVM Enterprise Edition. Affected versions include Java SE 7u291, 8u281, 11.0.10, 16; Java SE Embedded 8u281; GraalVM EE 19.3.5, 20.3.1.2 and 21.0.0.2. The vulnerability is exploitable remotely over multiple...
CVE-2023-22081
CVE-2023-22081 is a vulnerability in the Oracle Java SE line and related GraalVM products (JSSE component) with affected versions including Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7, 22.3.3. The i...
CVE-2019-2684
CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...
CVE-2019-7317
CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...
CVE-2023-22067
CVE-2023-22067 affects Oracle Java SE CORBA and related components (Oracle Java SE: 8u381/8u381-perf; Oracle GraalVM for JDK: 17.0.x, 20.0.2; plus Hotspot-backed Java deployments). The issue allows unauthenticated network access via CORBA to compromise data integrity (unauthorized updates) and is...
CVE-2016-3427
CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...
CVE-2023-41993
CVE-2023-41993 is a WebKit code‑execution vulnerability affecting Apple platforms where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...
CVE-2023-21930
CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...
CVE-2023-21830
CVE-2023-21830 is a network-attackable CORBA/Serialization vulnerability affecting Oracle Java SE and GraalVM Enterprise Edition. Affected: Oracle Java SE 8u351 and 8u351-perf; GraalVM EE 20.3.8 and 21.3.4 (and related components). Exploitation requires network access with no authentication, pote...
CVE-2019-16168
CVE-2019-16168 affects SQLite up to version 3.29.0, whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of sqlite_stat1 sz, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...
CVE-2025-21502
CVE-2025-21502 affects Oracle Java SE and related GraalVM packages (Hotspot) across multiple supported versions (Java SE 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; GraalVM JDK 17.0.13/21.0.5/23.0.1; GraalVM EE 20.3.16/21.3.12). The described vulnerability allows an unauthenticated, network-acc...
CVE-2023-22025
CVE-2023-22025 affects multiple Java runtimes (Oracle Java SE, GraalVM for JDK, GraalVM Enterprise) with vulnerable components in Hotspot. Affected versions listed include Oracle Java SE 8u381-perf, 17.0.8, 21; GraalVM for JDK 17.0.8 and 21; GraalVM EE 21.3.7/22.3.3. The connected Broadcom Azul Z...
CVE-2022-34169
CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...
CVE-2023-21843
CVE-2023-21843 is a vulnerability in Oracle Java SE (component: Sound) affecting multiple Oracle Java SE versions (8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1) and Oracle GraalVM Enterprise Edition (20.3.8, 21.3.4, 22.3.0). It allows an unauthenticated attacker with network access via various prot...
CVE-2024-20918
CVE-2024-20918 affects Oracle Java SE (8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1), Oracle GraalVM for JDK (17.0.9, 21.0.1), and Oracle GraalVM Enterprise Edition (20.3.12, 21.3.8, 22.3.4). The vulnerability, which is network-accessible via multiple protocols, can allow an unauthenticated attacke...
CVE-2016-9841
CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...
CVE-2019-2602
CVE-2019-2602 affects Oracle Java SE and Java SE Embedded Libraries component. Affected: Java SE 7u211, 8u202, 11.0.2, 12; Java SE Embedded 8u201. Root cause per the entry: vulnerability in Libraries that allows an unauthenticated, network-based attacker to cause a hang or frequent crashes (compl...
CVE-2023-21835
CVE-2023-21835 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE/DTLS handshake). An unauthenticated network attacker can exploit DTLS to cause a partial denial of service on affected Java runtimes. Affected: Oracle Java SE 11.0.17, 17.0.5, 19.0.1 and Oracle GraalVM EE 20.3.8, 21.3.4, 2...
CVE-2013-0424
CVE-2013-0424 is an unspecified vulnerability in the Java Runtime Environment (JRE) component affecting Oracle Java SE 7 up to Update 11, 6 up to Update 38, 5.0 up to Update 38, and 1.4.2_40 and earlier, plus OpenJDK 7. The issue relates to RMI and could allow remote attackers to affect integrity...
CVE-2021-2388
CVE-2021-2388 affects Java SE Hotspot and GraalVM Enterprise Edition across several versions (Java SE 8u291, 11.0.11, 16.0.1; GraalVM EE 20.3.2, 21.1.0) and is exploitable via network access with multistream protocols; attacks require user interaction. Multiple connected advisories confirm affect...
CVE-2023-21967
CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...
CVE-2023-21937
CVE-2023-21937 is an in-scope vulnerability affecting Oracle Java SE / GraalVM Enterprise Edition (Networking, Swing, Libraries, Hotspot, JSSE, etc.) with 8u361, 11.0.18, 17.0.6, 20 and related GraalVM versions impacted. It involves NULL-character handling and related input validation issues that...
CVE-2022-21426
CVE-2022-21426 affects Oracle Java SE and GraalVM Enterprise Edition, with vulnerable components in Java SE (JAXP, Libraries, Serialization) and GraalVM CE surface. Public advisories list affected versions including Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 and GraalVM CE: 20.3.5, 21.3.1,...
CVE-2016-9840
CVE-2016-9840 affects zlib 1.2.8 in inftrees.c where improper pointer arithmetic can lead to out-of-bounds memory handling. Connected advisories show related issues in the same zlib code path (CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) and describe potential crash or arbitrary-code outcomes in ...
CVE-2019-2698
CVE-2019-2698 affects Oracle Java SE (subcomponent 2D) with affected Java SE versions 7u211 and 8u202; exploitation could allow takeover of Java SE via network access without authentication. CVSSv3.1 base score 8.1. Affected openjdk/openjdk-based packages (e.g., java-1.8.0-openjdk) and Oracle Jav...
CVE-2023-21954
CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...
CVE-2019-11068
CVE-2019-11068 affects libxslt up to 1.1.33. The vulnerability arises because xsltCheckRead/xsltCheckWrite can permit access even after a -1 error, enabling protection bypass. According to the linked advisories, this vulnerability has a CVSSv3 base score of 9.8 (NETWORK, LOW attack complexity, NO...
CVE-2016-9842
CVE-2016-9842 concerns zlib 1.2.8 where the inflateMark function in inflate.c can trigger context-dependent behavior via left shifts of negative integers. Connected documents confirm the issue is embedded in zlib and was addressed by updates in downstream packages. Debian LTS (DLA-2085-1) fixes t...
CVE-2023-22049
CVE-2023-22049 affects Oracle Java SE and related GraalVM variants (Libraries component; and others listed) with affected versions including Oracle Java SE 8u371/8u371-perf/11.0.19/17.0.7/20.0.1; Oracle GraalVM Enterprise Edition and GraalVM for JDK versions. Exploitation is described as difficul...
CVE-2024-21011
CVE-2024-21011 affects Oracle Java SE platforms (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u401, 11.0.22, 17.0.10, 21.0.2, 22; GraalVM for JDK: 17.0.10, 21.0.2, 22; GraalVM EE: 20.3.13, 21.3.9. The vulnerability is exploitable over a network by un...
CVE-2023-21939
CVE-2023-21939 affects Oracle Java SE and GraalVM Enterprise Edition Swing component across several versions (e.g., Java 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). It is an easily exploitable, unauthenticated remote issue over HTTP that can lead to unauthorized update/insert/de...