CVE Daily
← All tags

Tag: OpenJDK builds from Oracle

All CVEs associated with "OpenJDK builds from Oracle". Page 1/2 • 134 CVEs.

About “OpenJDK builds from Oracle”

A curated feed of “OpenJDK builds from Oracle”-related CVEs appears below. We currently track 134 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.2 (all time), and 57% are rated High/Critical (all time). Top CWEs (all time): CWE-59 - Improper Link Resolution Before File Access ('Link Following'), CWE-264 - CWE-264, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. JDK and JVM updates affect TLS, serialization, and performance. Upgrade JDK or JRE, restart dependents, avoid unsupported builds, and consider key or cert rotation if needed. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: openjdk-builds-from-oracle

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
2626 Soon
2525 Expired
2424 Expired
2323.0.2 Expired
2222.0.2 Expired
2121.0.2 Expired
2020.0.2 Expired
1919.0.2 Expired
1818.0.2.1 Expired
1717.0.2 Expired
1616.0.2 Expired
1515.0.2 Expired
1414.0.2 Expired
1313.0.2 Expired
1212.0.2 Expired
1111.0.2 Expired
1010.0.2 Expired
99.0.4 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “OpenJDK builds from Oracle”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-05-09
High

CVE-2025-4447

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2023-11-08
High

CVE-2023-39913

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Jav…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2023-09-14
Medium

CVE-2023-42503

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are re…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
2022-07-19
High

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLT…

CVSS: 7.5 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
2021-10-06
High

CVE-2021-20264

An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and e…

CVSS: 7.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2021-06-12
High

CVE-2021-32553

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-32552

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-32551

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-32550

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-32549

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-32548

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-32547

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data t…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-17
Medium

CVE-2020-14338

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw a…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
2019-12-26
High

CVE-2012-4420

An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2019-01-31
Critical

CVE-2018-12548

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native…

CVSS: 9.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
2018-09-04
Medium

CVE-2018-14627

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting al…

CVSS: 5.3 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2017-12-29
Medium

CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper fi…

CVSS: 5.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2017-04-24
High

CVE-2017-1000357

Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for t…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2015-11-09
Critical

CVE-2014-8873

A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
2014-07-17
Critical

CVE-2014-2483

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rela…

CVSS: 9.3 CWE: N/A View on NVD
2014-05-14
Critical

CVE-2014-2405

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-0462

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.

CVSS: 10.0 CWE: N/A View on NVD
2014-02-10
Medium

CVE-2014-1876

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not secu…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2014-01-21
Medium

CVE-2013-4160

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) c…

CVSS: 5.0 CWE: N/A View on NVD
2014-01-15
Medium

CVE-2013-5884

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the pre…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2013-5878

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rela…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2014-0428

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors rel…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2014-0423

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and a…

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2014-0422

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors rel…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2014-0416

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous i…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-0411

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity v…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2014-0376

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous i…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2014-0373

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servic…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2013-5910

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previou…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2013-5907

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-5896

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previo…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2013-5893

Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t…

CVSS: 9.3 CWE: N/A View on NVD
2013-06-18
Critical

CVE-2013-2473

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2472

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2471

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2470

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2469

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2465

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 9.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Critical

CVE-2013-2463

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2013-2461

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middlewa…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2013-2460

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and a…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2013-2459

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-2458

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2013-2457

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2456

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2455

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2454

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2013-2452

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2013-2451

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidenti…

CVSS: 3.7 CWE: N/A View on NVD
Medium

CVE-2013-2450

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2449

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vecto…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2013-2448

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 7.6 CWE: N/A View on NVD
Medium

CVE-2013-2447

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2446

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2013-2445

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2013-2444

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier;…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2443

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2412

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confi…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2407

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confi…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2013-1571

Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows r…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2013-1500

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows loca…

CVSS: 3.6 CWE: N/A View on NVD
2013-04-17
Critical

CVE-2013-2436

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and a…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2013-2431

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2013-2430

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier;…

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2013-2429

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 7.6 CWE: N/A View on NVD
Critical

CVE-2013-2426

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity,…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2013-2424

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors rel…

CVSS: 3.7 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2013-2422

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2421

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity,…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2013-2420

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-2419

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-2417

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2013-2415

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors rela…

CVSS: 2.1 CWE: N/A View on NVD
Critical

CVE-2013-2384

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2383

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-1569

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-1557

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-1537

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-1518

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…

CVSS: 10.0 CWE: N/A View on NVD
2013-03-08
Critical

CVE-2013-1488

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflec…

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2013-0401

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute…

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2013-02-08
Low

CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirem…

CVSS: 2.6 CWE: CWE-310 View on NVD
2013-02-02
Critical

CVE-2013-1480

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-1478

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-1476

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-1475

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-0450

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-0445

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2013-0444

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and avail…

CVSS: 7.6 CWE: N/A View on NVD
Medium

CVE-2013-0443

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 4.0 CWE: N/A View on NVD
Critical

CVE-2013-0442

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-0441

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-0440

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, a…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-0435

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confide…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-0434

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-0433

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-0432

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2013-0429

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att…

CVSS: 7.6 CWE: N/A View on NVD
Critical

CVE-2013-0428

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-0427

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2013-0426

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-0425

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-0424

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, a…

CVSS: 5.0 CWE: N/A View on NVD
2013-01-31
Medium

CVE-2013-0431

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandb…

CVSS: 5.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD
2012-11-28
Medium

CVE-2012-5373

Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers…

CVSS: 5.0 CWE: CWE-310 View on NVD
Medium

CVE-2012-2739

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows co…

CVSS: 5.0 CWE: CWE-310 View on NVD
2011-02-19
High

CVE-2011-0706

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the…

CVSS: 7.5 CWE: CWE-264 View on NVD
2011-02-17
Medium

CVE-2010-4476

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJD…

CVSS: 5.0 CWE: N/A View on NVD
2011-01-20
Medium

CVE-2010-4351

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in…

CVSS: 6.8 CWE: CWE-264 View on NVD
2010-12-08
Medium

CVE-2010-3860

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive infor…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2009-11-09
Medium

CVE-2009-3884

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handl…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2009-3883

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have un…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2009-3882

Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "in…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2009-3881

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via uns…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox