Lucene search
K
OracleOpenjdk

98 matches found

CVE
CVE
added 2013/02/08 7:0 p.m.15987 views

CVE-2013-0169

The CVE-2013-0169 vulnerability is a timing-side‑channel flaw in CBC padding handling (Lucky Thirteen) that affects TLS/DTLS implementations such as OpenSSL, OpenJDK, and PolarSSL. Root cause: incorrect/insufficient consideration of timing during the MAC/padding check when processing malformed CB...

2.6CVSS6.8AI score0.35584EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1365 views

CVE-2022-21540

CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...

5.3CVSS5AI score0.0296EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1362 views

CVE-2022-21541

CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...

5.9CVSS5.8AI score0.02062EPSS
CVE
CVE
added 2013/01/31 2:10 p.m.1106 views

CVE-2013-0431

CVE-2013-0431 is an Oracle Java sandbox bypass in the JRE/OpenJDK stack affecting Java SE 7 up to Update 11 and OpenJDK 7, exploitable by a user‑assisted remote attacker via JMX‑related vectors. The vulnerability allows bypassing sandbox restrictions and is discussed alongside CVE-2013-1490 (dist...

5.3CVSS8.3AI score0.89987EPSS
In wild
CVE
CVE
added 2021/04/22 9:53 p.m.871 views

CVE-2021-2163

CVE-2021-2163 applies to Oracle/OpenJDK libraries across Java SE, Java SE Embedded and GraalVM Enterprise Edition. Affected versions include Java SE 7u291, 8u281, 11.0.10, 16; Java SE Embedded 8u281; GraalVM EE 19.3.5, 20.3.1.2 and 21.0.0.2. The vulnerability is exploitable remotely over multiple...

5.3CVSS4.8AI score0.03566EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.772 views

CVE-2023-21930

CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...

7.4CVSS7.4AI score0.01295EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.676 views

CVE-2022-34169

CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...

7.5CVSS8.2AI score0.17673EPSS
Web
CVE
CVE
added 2021/05/14 7:50 p.m.618 views

CVE-2021-3537

Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...

5.9CVSS7AI score0.03503EPSS
In wild
CVE
CVE
added 2021/05/19 1:45 p.m.613 views

CVE-2021-3517

CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...

8.6CVSS8.4AI score0.0828EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.565 views

CVE-2021-2388

CVE-2021-2388 affects Java SE Hotspot and GraalVM Enterprise Edition across several versions (Java SE 8u291, 11.0.11, 16.0.1; GraalVM EE 20.3.2, 21.1.0) and is exploitable via network access with multistream protocols; attacks require user interaction. Multiple connected advisories confirm affect...

7.5CVSS5.8AI score0.04008EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.550 views

CVE-2023-21967

CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...

5.9CVSS6.3AI score0.01523EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.546 views

CVE-2023-21937

CVE-2023-21937 is an in-scope vulnerability affecting Oracle Java SE / GraalVM Enterprise Edition (Networking, Swing, Libraries, Hotspot, JSSE, etc.) with 8u361, 11.0.18, 17.0.6, 20 and related GraalVM versions impacted. It involves NULL-character handling and related input validation issues that...

3.7CVSS4.7AI score0.01208EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.529 views

CVE-2023-21954

CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...

5.9CVSS6.1AI score0.01421EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.508 views

CVE-2023-21939

CVE-2023-21939 affects Oracle Java SE and GraalVM Enterprise Edition Swing component across several versions (e.g., Java 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). It is an easily exploitable, unauthenticated remote issue over HTTP that can lead to unauthorized update/insert/de...

5.3CVSS5.7AI score0.02474EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.507 views

CVE-2023-21968

CVE-2023-21968 affects Oracle Java SE and GraalVM when using the Libraries component (and related entries list Swing/JSSE/Hotspot among affected subsystems) for multiple Java versions (e.g., 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). The vulnerability is exploitable over the ne...

3.7CVSS4.7AI score0.01036EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.504 views

CVE-2021-2341

CVE-2021-2341 affects Java SE and Oracle GraalVM Enterprise Edition (affected components: Networking, Library, Hotspot) with Java SE versions 7u301, 8u291, 11.0.11, 16.0.1 and GraalVM EE 20.3.2/21.1.0. The vulnerability can allow unauthorized read access via network access and requires human inte...

4.3CVSS3.8AI score0.04238EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.500 views

CVE-2020-14556

CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...

5.8CVSS4.9AI score0.03022EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.496 views

CVE-2023-21938

CVE-2023-21938 affects Oracle Java SE (Libraries, Swing, JSSE, Hotspot, JavaFX) and Oracle GraalVM Enterprise Edition across multiple components. Affected versions include Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0. The vulner...

3.7CVSS4.7AI score0.01208EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.470 views

CVE-2022-21476

CVE-2022-21476 affects Oracle Java SE and Oracle GraalVM Enterprise Edition. Vulnerable components include Libraries, JAXP, ImageIO, 2D, JNDI, and serialization-related paths, with exploitation achievable by unauthenticated network access and potentially leading to data confidentiality breach or ...

7.5CVSS7AI score0.04046EPSS
CVE
CVE
added 2021/07/20 12:0 a.m.442 views

CVE-2021-2369

CVE-2021-2369 affects Java SE libraries (and related GraalVM EE components) across multiple products. Affected versions include Java SE 7u301, 8u291, 11.0.11, 16.0.1 and GraalVM Enterprise Edition 20.3.2/21.1.0. The vulnerability permits unauthenticated network access to compromise Java SE or Gra...

4.3CVSS4.3AI score0.03444EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.441 views

CVE-2021-2161

CVE-2021-2161 affects Oracle Java SE family (Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition) in the Libraries component. The issue arises from how untrusted code is loaded/run and data from untrusted APIs, enabling a network-accessible attacker to perform unauthenticated actions and...

5.9CVSS5.3AI score0.03125EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.437 views

CVE-2021-35550

CVE-2021-35550 is a network-authenticated TLS vulnerability in the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise Edition, affecting Java SE 7u311, 8u301, 11.0.12 and GraalVM EE 20.3.3/21.2.0. Exploitation is possible over TLS with unauthenticated access and can lead to confidenti...

7.1CVSS5.8AI score0.06868EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.436 views

CVE-2020-14621

CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...

5.3CVSS5.2AI score0.04315EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.429 views

CVE-2020-14577

CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...

4.3CVSS4.4AI score0.03284EPSS
CVE
CVE
added 2024/01/16 9:41 p.m.429 views

CVE-2024-20952

CVE-2024-20952 affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Security component). Affected Oracle Java SE versions: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; GraalVM for JDK: 17.0.9, 21.0.1; GraalVM Enterprise Edition: 20.3.12, 21.3.8, 22.3.4. The initia...

7.4CVSS7.1AI score0.00918EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.426 views

CVE-2020-14798

CVE-2020-14798 is a vulnerability in Oracle Java SE Libraries affecting Java SE versions 7u271, 8u261, 11.0.8 and 15, and Java SE Embedded 8u261. Exploitation is possible over network with multiple protocols and does not require authentication, but requires user interaction. Impact described as p...

3.1CVSS3.4AI score0.02684EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.424 views

CVE-2020-2654

CVE-2020-2654 affects Oracle Java SE Libraries in Java SE 7u241, 8u231, 11.0.5 and 13.0.1 (Java SE and Java SE Embedded) with the issue described as an unauthenticated network-access vulnerability that can cause a partial denial of service. The root cause is tied to the Libraries component (with ...

4.3CVSS4.5AI score0.03823EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.423 views

CVE-2020-14781

CVE-2020-14781 affects Oracle Java SE/SE Embedded (JNDI) with affected versions including Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of Java SE/SE Embedded data. The ...

4.3CVSS3.5AI score0.02296EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.420 views

CVE-2020-14581

CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...

4.3CVSS4AI score0.03284EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.417 views

CVE-2020-14803

CVE-2020-14803 affects Oracle Java SE Libraries in Java SE 11.0.8 and 15. The vulnerability allows an unauthenticated attacker over network to read a subset of Java SE data due to an issue in Libraries handling, per the CVSS base score 5.3 (CONF). Affected advisories across platforms corroborate ...

5.3CVSS4.4AI score0.03122EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.414 views

CVE-2020-2803

CVE-2020-2803 affects OpenJDK (Libraries component, Java SE/OpenJDK). The connected document confirms a vulnerability in boundary checks of java.nio buffer classes that allows an untrusted Java applet/application to bypass Java sandbox restrictions. Affected versions align with the original descr...

8.3CVSS8.2AI score0.0623EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.413 views

CVE-2020-2590

CVE-2020-2590 is an OpenJDK/Oracle Java SE vulnerability in the Security component (Kerberos interop) affecting Java SE and Java SE Embedded across multiple versions. Public descriptions indicate unauthenticated remote access via network and potential unauthorized data updates/deletes; CVSS 3.0 b...

4.3CVSS4.4AI score0.03085EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.412 views

CVE-2020-14779

CVE-2020-14779 affects Oracle Java SE SE/Embedded with Serialization and can enable an unauthenticated network-based attacker to cause partial denial of service. Affected versions include Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261; attack surface covers client and server deployme...

4.3CVSS3.7AI score0.03713EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.408 views

CVE-2020-2754

CVE-2020-2754 affects Oracle Java SE/Embedded (Scripting) with affected versions Java SE 8u241, 11.0.6 and 14; Java SE Embedded 8u241. Root cause: a parsing/validation weakness in the Scripting component allows an unauthenticated, network-based attacker to cause a partial Denial of Service on Jav...

4.3CVSS4.2AI score0.04128EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.407 views

CVE-2021-35561

CVE-2021-35561 affects Oracle Java SE/GraalVM Enterprise Edition across multiple components (e.g., Utility, Swing, ImageIO, Keytool, JSSE) with affected Java SE versions 7u311, 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. The vulnerability allows unauthenticated network access to cause partia...

5.3CVSS5.1AI score0.06468EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.405 views

CVE-2020-2757

CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...

4.3CVSS4.2AI score0.04211EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.404 views

CVE-2021-35603

CVE-2021-35603 is a TLS-related vulnerability in the JSSE component of Java SE and GraalVM Enterprise Edition. Affected: Java SE 7u311, 8u301, 11.0.12, 17; GraalVM EE 20.3.3 and 21.2.0. Description indicates an unauthenticated network attacker could read data from vulnerable Java deployments (e.g...

4.3CVSS4.2AI score0.04104EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.403 views

CVE-2020-2800

CVE-2020-2800 affects Oracle Java SE/Java SE Embedded, specifically the Lightweight HTTP Server component. Affected versions include Java SE 7u251, 8u241, 11.0.6, 14 and Java SE Embedded 8u241. The vulnerability can be exploited over a network with unauthenticated access via multiple protocols, p...

5.8CVSS4.9AI score0.02879EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.403 views

CVE-2020-2830

CVE-2020-2830 affects Oracle Java SE/Java SE Embedded (Concurrency component) with Java SE versions 7u251, 8u241, 11.0.6 and 14; Java SE Embedded 8u241. The vulnerability allows unauthenticated network-based exploitation via multiple protocols, potentially enabling partial denial of service on Ja...

5.3CVSS5AI score0.04948EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.402 views

CVE-2021-35578

CVE-2021-35578 affects Java SE (JSSE) and Oracle GraalVM Enterprise Edition; vulnerable are Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. Attack requires network access via TLS to targeted APIs, with unauthenticated access and no user interaction, potentially enabling a partial denial ...

5.3CVSS5.1AI score0.06218EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.402 views

CVE-2021-35588

CVE-2021-35588 is a vulnerability in Oracle Java SE and GraalVM Enterprise Edition (Hotspot component) affecting Java SE 7u311 and 8u301 and GraalVM Enterprise Edition 20.3.3/21.2.0. The issue allows an unauthenticated, network-accessible attacker to exploit multiple protocols after user interact...

3.1CVSS4.2AI score0.03599EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.400 views

CVE-2020-2773

CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...

4.3CVSS4.2AI score0.03625EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.396 views

CVE-2020-14593

CVE-2020-14593 is a vulnerability in the 2D component of Oracle Java SE/SE Embedded. Affected: Java SE 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded 8u251. Vulnerability type is unspecified in the provided sources, but exploitation is described as unauthenticated with network access via multiple...

7.4CVSS7.1AI score0.03864EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.394 views

CVE-2020-14583

CVE-2020-14583 affects Oracle Java SE/Java SE Embedded (Libraries component). Affected: Java SE 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded 8u251. Exploitation requires network access with user interaction and can lead to takeover of Java SE/Embedded with high impact on confidentiality, int...

8.3CVSS8.2AI score0.04029EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.390 views

CVE-2020-2781

CVE-2020-2781 concerns Oracle/OpenJDK Java SE JSSE vulnerability that allows unauthenticated network access to degrade availability in Java SE and Java SE Embedded (client/server deployment). The Chainguard data confirms affected OpenJDK JSSE components and versions, aligning with the CVE descrip...

5.3CVSS5.3AI score0.04948EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.389 views

CVE-2020-14796

CVE-2020-14796 affects the Libraries component in Oracle Java SE/Java SE Embedded across multiple OpenJDK builds (e.g., Java-7u271? Java-8u261? Java-11.0.8? Java-15; Embedded 8u261). The vulnerability can be exploited by an unauthenticated attacker over network protocols, but exploitation require...

3.1CVSS3.2AI score0.02463EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.389 views

CVE-2021-35567

CVE-2021-35567 affects Oracle Java SE and GraalVM Enterprise Edition libraries; root cause is incorrect principal selection when Kerberos Constrained Delegation is used. Affected: Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0 (Libraries component). Impact includes potential unauthorized...

6.8CVSS6.6AI score0.027EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.387 views

CVE-2020-2756

CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit to cause a partial Denial of Service. Connected advisories show remediation via updating t...

4.3CVSS4.2AI score0.04211EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.386 views

CVE-2020-2583

CVE-2020-2583 affects OpenJDK/OpenJDK-derived packages across multiple vendors and OSes, with the Serialization component (and related areas) being impacted. Public advisories in Debian (DLA-2128-1) and CentOS/Red Hat family outline affected versions such as Java 7u241/8u231/11.0.5/13.0.1 (and em...

4.3CVSS4.3AI score0.0404EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.385 views

CVE-2020-14579

CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...

4.3CVSS4.3AI score0.04044EPSS
Total number of security vulnerabilities98