Lucene search
K

787 matches found

CVE
CVE
added 2014/04/15 10:0 p.m.15707 views

CVE-2014-0429

CVE-2014-0429 is an unspecified vulnerability in the Java 2D component affecting Oracle Java SE 5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51. Impact is described as complete confidentiality, integrity, and availability violations via unknown vectors in the 2D comp...

10CVSS6.5AI score0.07571EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.15687 views

CVE-2014-4263

CVE-2014-4263 is an unspecified security vulnerability with partial confidentiality and partial integrity impact (no availability impact) affecting IBM Java SDK/JRE components used in IBM SAN Volume Controller and Storwize family, among others. IBM’s remediation guidance consistently recommends u...

4CVSS3.6AI score0.03501EPSS
CVE
CVE
added 2014/04/15 10:0 p.m.15584 views

CVE-2014-0449

CVE-2014-0449 is an unspecified vulnerability in the Deployment component affecting Oracle Java SE 6u71, 7u51, 8, and Java SE Embedded 7u51. The issue could allow a remote attacker to affect confidentiality via unknown vectors. The IBM/Red Hat ecosystem references this CVE among several Java-rela...

5CVSS5.3AI score0.03095EPSS
CVE
CVE
added 2014/04/15 10:0 p.m.15526 views

CVE-2014-0448

CVE-2014-0448 affects Oracle Java SE 7u51 and Java 8 Deployment. The vulnerability is described as unspecified with attacks possible via Deployment vectors, impacting confidentiality, integrity, and availability. Connected sources (IBM bulletin entries) corroborate the CVE and reference remediati...

7.6CVSS8.1AI score0.05076EPSS
CVE
CVE
added 2014/04/15 10:0 p.m.15305 views

CVE-2014-0446

CVE-2014-0446 is an Oracle Java SE vulnerability described as unspecified, affecting Libraries in Java SE 5.0u61, 6u71, 7u51, 8 and Java SE Embedded 7u51. The IBM and related bulletins enumerate this CVE among a broader set of Java CPU fixes, with affected IBM SDK/JAVA editions and WebSphere/Info...

7.5CVSS6.5AI score0.05603EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.2914 views

CVE-2023-22045

CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...

3.7CVSS4.4AI score0.01164EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.2848 views

CVE-2023-22044

CVE-2023-22044 affects OpenJDK/OpenJDK-based runtimes (e.g., Debian openjdk-17, AlmaLinux java-17-openjdk) as part of the July 2023 Java updates. Connected advisories confirm it is among multiple OpenJDK vulnerabilities and are addressed by updates to OpenJDK 17 (e.g., 17.0.8) across distribution...

3.7CVSS3.9AI score0.01127EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1364 views

CVE-2022-21540

CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...

5.3CVSS5AI score0.0296EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1361 views

CVE-2022-21541

CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...

5.9CVSS5.8AI score0.02062EPSS
CVE
CVE
added 2012/08/28 12:0 a.m.1303 views

CVE-2012-4681

CVE-2012-4681 affects Oracle Java SE 7 (JRE) up to Update 6, and earlier; vulnerability chain bypasses SecurityManager via beans permission checks and restricted package access, using ClassFinder.findClass and reflection with a trusted immediate caller to reach private fields. Exploitation in the...

10CVSS7.6AI score0.98536EPSS
In wild
CVE
CVE
added 2011/10/19 9:0 p.m.1295 views

CVE-2011-3544

CVE-2011-3544 is a vulnerability in the Java scripting engine where untrusted code (e.g., applets) could elevate privileges due to missing security manager checks. Affected: Oracle Java SE/JDK/JRE 6 and 7 up to update 27 and earlier. Impact reported as remote arbitrary code execution/elevation of...

10CVSS8.5AI score0.96714EPSS
In wild
CVE
CVE
added 2022/04/19 8:37 p.m.1286 views

CVE-2022-21449

CVE-2022-21449 affects Oracle Java SE Libraries (Oracle Java SE 17.0.2, 18) and GraalVM Enterprise Edition (21.3.1, 22.0.0.2). It enables unauthenticated, network‑accessible attackers to compromise data integrity — potentially unauthorized creation, deletion or modification of data in affected Or...

7.5CVSS6.9AI score0.48235EPSS
CVE
CVE
added 2015/05/21 12:0 a.m.1252 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

4.3CVSS4.8AI score0.9986EPSS
In wild
CVE
CVE
added 2012/06/16 9:0 p.m.1236 views

CVE-2012-1723

CVE-2012-1723 is described in Debian security advisory DSA-2507-1 as a set of OpenJDK/Java runtime vulnerabilities including validation errors in the HotSpot bytecode verifier that could allow sandbox bypass and remote code execution. The advisory lists CVE-2012-1723 among multiple related issues...

10CVSS8.4AI score0.93688EPSS
In wild
CVE
CVE
added 2015/07/16 10:0 a.m.1176 views

CVE-2015-2590

CVE-2015-2590 is an unspecified vulnerability affecting Oracle Java SE (6u95, 7u80, 8u45) and Java SE Embedded (7u75, 8u33) with impact to confidentiality, integrity, and availability via unknown vectors in the Libraries component. Public details in the initial description are limited; connected ...

10CVSS4.2AI score0.25469EPSS
In wild
CVE
CVE
added 2013/01/10 9:23 p.m.1148 views

CVE-2013-0422

CVE-2013-0422 affects Oracle Java 7 before Update 11, combining two issues: (1) JMX/MBean path via getMBeanInstantiator and findClass enabling private MBeanInstantiator reference retrieval, and (2) recursive use of Reflection API bypassing java.lang.invoke.MethodHandles.Lookup.checkSecurityManage...

10CVSS8.2AI score0.97612EPSS
In wild
CVE
CVE
added 2017/05/23 3:56 a.m.1146 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

9.8CVSS9.9AI score0.0595EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1110 views

CVE-2022-21549

CVE-2022-21549 affects Oracle Java SE Libraries with affected binaries: Oracle Java SE 17.0.3.1 and Oracle GraalVM Enterprise Edition 21.3.2 and 22.1.0. The entry notes network‑accessible exploitation by an unauthenticated attacker, potentially enabling unauthorized update/insert/delete of data i...

5.3CVSS5AI score0.01804EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.973 views

CVE-2015-4902

CVE-2015-4902 is an unspecified vulnerability in Oracle Java SE affecting Java 6u101, 7u85, and 8u60, with impact limited to integrity via unknown vectors related to Deployment. The Connected documents confirm the affected products and the vulnerability class, but do not provide concrete exploit ...

5.3CVSS5.5AI score0.13354EPSS
In wild
CVE
CVE
added 2021/04/22 9:53 p.m.871 views

CVE-2021-2163

CVE-2021-2163 applies to Oracle/OpenJDK libraries across Java SE, Java SE Embedded and GraalVM Enterprise Edition. Affected versions include Java SE 7u291, 8u281, 11.0.10, 16; Java SE Embedded 8u281; GraalVM EE 19.3.5, 20.3.1.2 and 21.0.0.2. The vulnerability is exploitable remotely over multiple...

5.3CVSS4.8AI score0.03566EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.870 views

CVE-2023-22081

CVE-2023-22081 is a vulnerability in the Oracle Java SE line and related GraalVM products (JSSE component) with affected versions including Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7, 22.3.3. The i...

5.3CVSS5.2AI score0.014EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.827 views

CVE-2019-2684

CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...

5.9CVSS5.7AI score0.37618EPSS
CVE
CVE
added 2019/02/04 7:0 a.m.811 views

CVE-2019-7317

CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...

5.3CVSS6.3AI score0.09393EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.798 views

CVE-2023-22067

CVE-2023-22067 affects Oracle Java SE CORBA and related components (Oracle Java SE: 8u381/8u381-perf; Oracle GraalVM for JDK: 17.0.x, 20.0.2; plus Hotspot-backed Java deployments). The issue allows unauthenticated network access via CORBA to compromise data integrity (unauthorized updates) and is...

5.3CVSS4.8AI score0.00888EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.780 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

10CVSS6.8AI score0.92334EPSS
In wild
CVE
CVE
added 2023/09/21 6:23 p.m.774 views

CVE-2023-41993

CVE-2023-41993 is a WebKit code‑execution vulnerability affecting Apple platforms where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...

8.8CVSS8.8AI score0.29179EPSS
In wild
CVE
CVE
added 2023/04/18 7:54 p.m.770 views

CVE-2023-21930

CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...

7.4CVSS7.4AI score0.01295EPSS
CVE
CVE
added 2023/01/17 11:35 p.m.751 views

CVE-2023-21830

CVE-2023-21830 is a network-attackable CORBA/Serialization vulnerability affecting Oracle Java SE and GraalVM Enterprise Edition. Affected: Oracle Java SE 8u351 and 8u351-perf; GraalVM EE 20.3.8 and 21.3.4 (and related components). Exploitation requires network access with no authentication, pote...

5.3CVSS4.8AI score0.01058EPSS
CVE
CVE
added 2019/09/09 4:7 p.m.695 views

CVE-2019-16168

CVE-2019-16168 affects SQLite up to version 3.29.0, whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of sqlite_stat1 sz, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...

6.5CVSS7AI score0.04253EPSS
CVE
CVE
added 2025/01/21 8:52 p.m.686 views

CVE-2025-21502

CVE-2025-21502 affects Oracle Java SE and related GraalVM packages (Hotspot) across multiple supported versions (Java SE 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; GraalVM JDK 17.0.13/21.0.5/23.0.1; GraalVM EE 20.3.16/21.3.12). The described vulnerability allows an unauthenticated, network-acc...

4.8CVSS4.1AI score0.00971EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.682 views

CVE-2023-22025

CVE-2023-22025 affects multiple Java runtimes (Oracle Java SE, GraalVM for JDK, GraalVM Enterprise) with vulnerable components in Hotspot. Affected versions listed include Oracle Java SE 8u381-perf, 17.0.8, 21; GraalVM for JDK 17.0.8 and 21; GraalVM EE 21.3.7/22.3.3. The connected Broadcom Azul Z...

3.7CVSS3.7AI score0.00883EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.676 views

CVE-2022-34169

CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...

7.5CVSS8.2AI score0.17673EPSS
Web
CVE
CVE
added 2023/01/17 11:35 p.m.667 views

CVE-2023-21843

CVE-2023-21843 is a vulnerability in Oracle Java SE (component: Sound) affecting multiple Oracle Java SE versions (8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1) and Oracle GraalVM Enterprise Edition (20.3.8, 21.3.4, 22.3.0). It allows an unauthenticated attacker with network access via various prot...

3.7CVSS4.2AI score0.01357EPSS
CVE
CVE
added 2024/01/16 9:41 p.m.653 views

CVE-2024-20918

CVE-2024-20918 affects Oracle Java SE (8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1), Oracle GraalVM for JDK (17.0.9, 21.0.1), and Oracle GraalVM Enterprise Edition (20.3.12, 21.3.8, 22.3.4). The vulnerability, which is network-accessible via multiple protocols, can allow an unauthenticated attacke...

7.4CVSS7.1AI score0.00911EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.609 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

9.8CVSS9.9AI score0.07489EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.579 views

CVE-2019-2602

CVE-2019-2602 affects Oracle Java SE and Java SE Embedded Libraries component. Affected: Java SE 7u211, 8u202, 11.0.2, 12; Java SE Embedded 8u201. Root cause per the entry: vulnerability in Libraries that allows an unauthenticated, network-based attacker to cause a hang or frequent crashes (compl...

7.5CVSS6.8AI score0.0441EPSS
CVE
CVE
added 2023/01/17 11:35 p.m.570 views

CVE-2023-21835

CVE-2023-21835 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE/DTLS handshake). An unauthenticated network attacker can exploit DTLS to cause a partial denial of service on affected Java runtimes. Affected: Oracle Java SE 11.0.17, 17.0.5, 19.0.1 and Oracle GraalVM EE 20.3.8, 21.3.4, 2...

5.3CVSS5AI score0.01836EPSS
CVE
CVE
added 2013/02/02 12:0 a.m.568 views

CVE-2013-0424

CVE-2013-0424 is an unspecified vulnerability in the Java Runtime Environment (JRE) component affecting Oracle Java SE 7 up to Update 11, 6 up to Update 38, 5.0 up to Update 38, and 1.4.2_40 and earlier, plus OpenJDK 7. The issue relates to RMI and could allow remote attackers to affect integrity...

5CVSS8AI score0.04795EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.565 views

CVE-2021-2388

CVE-2021-2388 affects Java SE Hotspot and GraalVM Enterprise Edition across several versions (Java SE 8u291, 11.0.11, 16.0.1; GraalVM EE 20.3.2, 21.1.0) and is exploitable via network access with multistream protocols; attacks require user interaction. Multiple connected advisories confirm affect...

7.5CVSS5.8AI score0.04008EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.550 views

CVE-2023-21967

CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...

5.9CVSS6.3AI score0.01523EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.544 views

CVE-2023-21937

CVE-2023-21937 is an in-scope vulnerability affecting Oracle Java SE / GraalVM Enterprise Edition (Networking, Swing, Libraries, Hotspot, JSSE, etc.) with 8u361, 11.0.18, 17.0.6, 20 and related GraalVM versions impacted. It involves NULL-character handling and related input validation issues that...

3.7CVSS4.7AI score0.01208EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.540 views

CVE-2022-21426

CVE-2022-21426 affects Oracle Java SE and GraalVM Enterprise Edition, with vulnerable components in Java SE (JAXP, Libraries, Serialization) and GraalVM CE surface. Public advisories list affected versions including Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 and GraalVM CE: 20.3.5, 21.3.1,...

5.3CVSS5.3AI score0.03203EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.539 views

CVE-2016-9840

CVE-2016-9840 affects zlib 1.2.8 in inftrees.c where improper pointer arithmetic can lead to out-of-bounds memory handling. Connected advisories show related issues in the same zlib code path (CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) and describe potential crash or arbitrary-code outcomes in ...

8.8CVSS9.6AI score0.04793EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.536 views

CVE-2019-2698

CVE-2019-2698 affects Oracle Java SE (subcomponent 2D) with affected Java SE versions 7u211 and 8u202; exploitation could allow takeover of Java SE via network access without authentication. CVSSv3.1 base score 8.1. Affected openjdk/openjdk-based packages (e.g., java-1.8.0-openjdk) and Oracle Jav...

8.1CVSS7.7AI score0.12013EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.527 views

CVE-2023-21954

CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...

5.9CVSS6.1AI score0.01421EPSS
CVE
CVE
added 2019/04/10 7:38 p.m.522 views

CVE-2019-11068

CVE-2019-11068 affects libxslt up to 1.1.33. The vulnerability arises because xsltCheckRead/xsltCheckWrite can permit access even after a -1 error, enabling protection bypass. According to the linked advisories, this vulnerability has a CVSSv3 base score of 9.8 (NETWORK, LOW attack complexity, NO...

9.8CVSS9.4AI score0.05089EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.515 views

CVE-2016-9842

CVE-2016-9842 concerns zlib 1.2.8 where the inflateMark function in inflate.c can trigger context-dependent behavior via left shifts of negative integers. Connected documents confirm the issue is embedded in zlib and was addressed by updates in downstream packages. Debian LTS (DLA-2085-1) fixes t...

8.8CVSS9.5AI score0.05161EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.514 views

CVE-2023-22049

CVE-2023-22049 affects Oracle Java SE and related GraalVM variants (Libraries component; and others listed) with affected versions including Oracle Java SE 8u371/8u371-perf/11.0.19/17.0.7/20.0.1; Oracle GraalVM Enterprise Edition and GraalVM for JDK versions. Exploitation is described as difficul...

3.7CVSS4.7AI score0.01316EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.513 views

CVE-2024-21011

CVE-2024-21011 affects Oracle Java SE platforms (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u401, 11.0.22, 17.0.10, 21.0.2, 22; GraalVM for JDK: 17.0.10, 21.0.2, 22; GraalVM EE: 20.3.13, 21.3.9. The vulnerability is exploitable over a network by un...

3.7CVSS3.2AI score0.01361EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.508 views

CVE-2023-21939

CVE-2023-21939 affects Oracle Java SE and GraalVM Enterprise Edition Swing component across several versions (e.g., Java 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). It is an easily exploitable, unauthenticated remote issue over HTTP that can lead to unauthorized update/insert/de...

5.3CVSS5.7AI score0.02474EPSS
Total number of security vulnerabilities787