Jre Security Vulnerabilities and Issues — Jre CVE List

Lucene search

OracleJre

782 matches found

CVE•added 2014/04/16 12:55 a.m.•12572 views

CVE-2014-0429

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10CVSS6.5AI score0.07383EPSS

CVE•added 2014/04/16 12:55 a.m.•12547 views

CVE-2014-0448

Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

7.6CVSS8.1AI score0.02019EPSS

CVE•added 2014/04/16 12:55 a.m.•12513 views

CVE-2014-0449

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

5CVSS5.3AI score0.00691EPSS

CVE•added 2014/07/17 11:17 a.m.•12452 views

CVE-2014-4263

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."

4CVSS3.6AI score0.06523EPSS

CVE•added 2014/04/16 12:55 a.m.•12321 views

CVE-2014-0446

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

7.5CVSS6.5AI score0.04367EPSS

CVE•added 2023/07/18 9:15 p.m.•2824 views

CVE-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22....

3.7CVSS4.4AI score0.00123EPSS

CVE•added 2023/07/18 9:15 p.m.•2748 views

CVE-2023-22044

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for J...

3.7CVSS3.9AI score0.00156EPSS

CVE•added 2022/07/19 10:15 p.m.•1288 views

CVE-2022-21540

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...

5.3CVSS5AI score0.00441EPSS

CVE•added 2022/07/19 10:15 p.m.•1288 views

CVE-2022-21541

5.9CVSS5.8AI score0.00186EPSS

CVE•added 2012/08/28 12:55 a.m.•1242 views

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging a...

10CVSS7.6AI score0.9414EPSS

CVE•added 2011/10/19 9:55 p.m.•1209 views

CVE-2011-3544

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Script...

10CVSS8.5AI score0.93041EPSS

CVE•added 2012/06/07 10:55 p.m.•1186 views

CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE:...

10CVSS9AI score0.93725EPSS

CVE•added 2012/06/16 9:55 p.m.•1155 views

CVE-2012-1723

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t...

10CVSS8.4AI score0.94083EPSS

CVE•added 2013/06/18 10:55 p.m.•1149 views

CVE-2013-2465

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS6.7AI score0.9356EPSS

CVE•added 2015/05/21 12:59 a.m.•1140 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.93905EPSS

CVE•added 2015/07/16 10:59 a.m.•1109 views

CVE-2015-2590

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

10CVSS4.2AI score0.76849EPSS

CVE•added 2013/04/17 6:55 p.m.•1104 views

CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

4.3CVSS8AI score0.93226EPSS

CVE•added 2013/01/10 9:55 p.m.•1100 views

CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

10CVSS8.2AI score0.9414EPSS

CVE•added 2012/10/16 9:55 p.m.•1090 views

CVE-2012-5076

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.

10CVSS8.4AI score0.92498EPSS

CVE•added 2013/01/31 2:55 p.m.•1063 views

CVE-2013-0431

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1...

5.3CVSS8.3AI score0.91587EPSS

CVE•added 2022/07/19 10:15 p.m.•1061 views

CVE-2022-21549

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated a...

5.3CVSS5AI score0.00129EPSS

CVE•added 2010/04/01 4:30 p.m.•991 views

CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from t...

9.8CVSS7.9AI score0.92554EPSS

CVE•added 2015/10/22 12:0 a.m.•935 views

CVE-2015-4902

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

5.3CVSS5.5AI score0.06707EPSS

CVE•added 2017/05/23 4:29 a.m.•886 views

CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

9.8CVSS9.9AI score0.05001EPSS

CVE•added 2021/04/22 10:15 p.m.•774 views

CVE-2021-2163

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2....

5.3CVSS4.8AI score0.00109EPSS

CVE•added 2019/04/23 7:32 p.m.•737 views

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS5.7AI score0.01174EPSS

CVE•added 2023/10/17 10:15 p.m.•712 views

CVE-2023-22081

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise ...

5.3CVSS5.2AI score0.00067EPSS

CVE•added 2023/10/17 10:15 p.m.•699 views

CVE-2023-22067

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthentic...

5.3CVSS4.8AI score0.00172EPSS

CVE•added 2016/04/21 11:0 a.m.•679 views

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

10CVSS6.8AI score0.93626EPSS

CVE•added 2023/04/18 8:15 p.m.•663 views

CVE-2023-21930

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vul...

7.4CVSS7.4AI score0.00131EPSS

CVE•added 2023/09/21 7:15 p.m.•644 views

CVE-2023-41993

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

8.8CVSS8.8AI score0.08736EPSS

CVE•added 2023/01/18 12:15 a.m.•643 views

CVE-2023-21830

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unau...

5.3CVSS4.8AI score0.00089EPSS

CVE•added 2023/10/17 10:15 p.m.•594 views

CVE-2023-22025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21....

3.7CVSS3.7AI score0.0014EPSS

CVE•added 2022/07/19 6:15 p.m.•591 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or ...

7.5CVSS8.2AI score0.1168EPSS

CVE•added 2023/01/18 12:15 a.m.•587 views

CVE-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS4.2AI score0.00086EPSS

CVE•added 2019/09/09 5:15 p.m.•577 views

CVE-2019-16168

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

6.5CVSS7AI score0.00863EPSS

CVE•added 2024/01/16 10:15 p.m.•550 views

CVE-2024-20918

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM ...

7.4CVSS7.1AI score0.00255EPSS

CVE•added 2025/01/21 9:15 p.m.•543 views

CVE-2025-21502

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Orac...

4.8CVSS4.1AI score0.00019EPSS

CVE•added 2017/05/23 4:29 a.m.•529 views

CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8CVSS9.9AI score0.11868EPSS

CVE•added 2019/04/23 7:32 p.m.•500 views

CVE-2019-2602

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via mult...

7.5CVSS6.8AI score0.00103EPSS

CVE•added 2013/02/02 12:55 a.m.•493 views

CVE-2013-0424

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous informatio...

5CVSS8AI score0.0131EPSS

CVE•added 2021/07/21 3:15 p.m.•473 views

CVE-2021-2388

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated a...

7.5CVSS5.8AI score0.0082EPSS

CVE•added 2023/01/18 12:15 a.m.•472 views

CVE-2023-21835

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

5.3CVSS5AI score0.00041EPSS

CVE•added 2023/04/18 8:15 p.m.•471 views

CVE-2023-21967

5.9CVSS6.3AI score0.00076EPSS

CVE•added 2023/04/18 8:15 p.m.•457 views

CVE-2023-21937

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to explo...

3.7CVSS4.7AI score0.00095EPSS

CVE•added 2019/04/23 7:32 p.m.•450 views

CVE-2019-2698

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

8.1CVSS7.7AI score0.03101EPSS

CVE•added 2022/04/19 9:15 p.m.•438 views

CVE-2022-21426

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerab...

5.3CVSS5.3AI score0.00055EPSS

CVE•added 2017/05/23 4:29 a.m.•435 views

CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8CVSS9.6AI score0.0726EPSS

CVE•added 2023/04/18 8:15 p.m.•434 views

CVE-2023-21954

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vuln...

5.9CVSS6.1AI score0.00053EPSS

CVE•added 2023/04/18 8:15 p.m.•428 views

CVE-2023-21939

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vuln...

5.3CVSS5.7AI score0.0149EPSS

Total number of security vulnerabilities782