CVE Daily
← All tags

Tag: Oracle JDK

All CVEs associated with "Oracle JDK". Page 33/43 • 5132 CVEs.

Subscribe CVEs: RSS for “Oracle JDK”  ·  RSS (High+Critical only)

About “Oracle JDK”

A curated feed of “Oracle JDK”-related CVEs appears below. We currently track 5132 CVEs for this tag (all time). In the last 365 days, 782 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In our taxonomy this topic maps to a MODERATE impact class. JDK and JVM updates affect TLS, serialization, and performance. Upgrade JDK or JRE, restart dependents, avoid unsupported builds, and consider key or cert rotation if needed. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2014-10-15
Critical

CVE-2014-6560

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit…

CVSS: 9.0 CWE: N/A View on NVD
Low

CVE-2014-6558

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vector…

CVSS: 2.6 CWE: N/A View on NVD
Critical

CVE-2014-6545

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit…

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2014-6538

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unkno…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2014-6537

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit…

CVSS: 6.5 CWE: N/A View on NVD
Critical

CVE-2014-6532

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-6531

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2014-6527

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2014-6519

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-6517

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-6515

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2014-6513

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2014-6512

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors relate…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2014-6511

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-6506

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2014-6504

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2014-6503

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different…

CVSS: 9.3 CWE: N/A View on NVD
Low

CVE-2014-6502

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.

CVSS: 2.6 CWE: N/A View on NVD
High

CVE-2014-6493

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different…

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2014-6492

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t…

CVSS: 7.6 CWE: N/A View on NVD
Critical

CVE-2014-6485

Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-6476

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-6468

Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2014-6467

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit…

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2014-6466

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors rela…

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2014-6458

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2014-6457

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via v…

CVSS: 4.0 CWE: N/A View on NVD
Critical

CVE-2014-6456

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2014-6453

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit…

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2014-4295

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unkno…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2014-4294

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unkno…

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2014-4288

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different…

CVSS: 7.6 CWE: N/A View on NVD
2014-10-08
Medium

CVE-2014-7296

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-09-30
Medium

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (…

CVSS: 5.0 CWE: CWE-264 View on NVD
2014-09-22
Medium

CVE-2014-3595

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-09-12
Medium

CVE-2013-4444

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execut…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-09-04
Medium

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltNa…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2014-08-31
Medium

CVE-2013-2599

A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.…

CVSS: 5.0 CWE: N/A View on NVD
2014-08-22
Medium

CVE-2014-3089

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includ…

CVSS: 4.9 CWE: CWE-310 View on NVD
2014-08-21
Medium

CVE-2014-5385

com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess password…

CVSS: 5.0 CWE: CWE-287 - Improper Authentication View on NVD
2014-08-17
Low

CVE-2014-0876

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x…

CVSS: 2.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-08-12
High

CVE-2014-3086

Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveragi…

CVSS: 7.5 CWE: N/A View on NVD
2014-07-28
High

CVE-2014-3120

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
2014-07-17
Medium

CVE-2014-4268

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-4266

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-4265

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-4264

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2014-4263

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related t…

CVSS: 4.0 CWE: N/A View on NVD
Critical

CVE-2014-4262

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-4252

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2014-4247

Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-4244

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors r…

CVSS: 4.0 CWE: N/A View on NVD
Critical

CVE-2014-4227

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-4223

Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability tha…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-4221

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2014-4220

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2014-4219

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-4218

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2014-4216

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-4209

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.

CVSS: 6.4 CWE: N/A View on NVD
Low

CVE-2014-4208

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than…

CVSS: 2.6 CWE: N/A View on NVD
Critical

CVE-2014-2490

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hots…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2014-2483

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rela…

CVSS: 9.3 CWE: N/A View on NVD
2014-06-19
Critical

CVE-2014-2609

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2014-06-17
Medium

CVE-2014-4193

The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers…

CVSS: 5.0 CWE: CWE-310 View on NVD
2014-06-10
Medium

CVE-2014-3287

SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL co…

CVSS: 4.0 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2014-05-31
Medium

CVE-2014-0099

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers t…

CVSS: 4.3 CWE: CWE-189 View on NVD
Medium

CVE-2014-0096

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which…

CVSS: 4.3 CWE: CWE-264 View on NVD
Medium

CVE-2014-0095

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP req…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remot…

CVSS: 5.0 CWE: CWE-189 View on NVD
2014-05-30
High

CVE-2014-3780

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2014-05-26
Medium

CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before…

CVSS: 5.8 CWE: CWE-310 View on NVD
2014-05-14
Medium

CVE-2011-2514

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victim…

CVSS: 6.8 CWE: CWE-264 View on NVD
Medium

CVE-2011-2513

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the u…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2014-05-01
Critical

CVE-2014-2881

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9…

CVSS: 10.0 CWE: N/A View on NVD
2014-04-30
Medium

CVE-2014-3133

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2014-3129

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2014-04-29
Medium

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache…

CVSS: 5.0 CWE: CWE-310 View on NVD
2014-04-22
Medium

CVE-2013-6469

JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these d…

CVSS: 6.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-04-17
Medium

CVE-2014-0111

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition…

CVSS: 6.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-04-16
High

CVE-2014-2428

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to…

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2014-2427

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors re…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-2423

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS,…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-2422

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2014-2421

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unkn…

CVSS: 10.0 CWE: N/A View on NVD
Low

CVE-2014-2420

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS: 2.6 CWE: N/A View on NVD
High

CVE-2014-2414

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-2413

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2014-2412

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2014-2410

Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-2409

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2014-2403

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2014-2402

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Librar…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-2401

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2014-2398

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related…

CVSS: 3.5 CWE: N/A View on NVD
Critical

CVE-2014-2397

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspo…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-0464

Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2014-0463

Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.

CVSS: 4.3 CWE: N/A View on NVD
Critical

CVE-2014-0461

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2014-0460

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vecto…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2014-0459

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2014-0458

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS,…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2014-0457

Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and avai…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-0456

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-0455

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Librar…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2014-0454

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Securi…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-0453

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unkno…

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2014-0452

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS,…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-0451

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-0449

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2014-0448

Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2014-0446

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors re…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2014-0432

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Librar…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2014-0429

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availab…

CVSS: 10.0 CWE: N/A View on NVD
2014-04-15
Medium

CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users wit…

CVSS: 6.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2014-0107

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass exp…

CVSS: 7.5 CWE: CWE-264 View on NVD
2014-04-11
High

CVE-2014-2746

net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2014-2741

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service…

CVSS: 7.8 CWE: CWE-264 View on NVD
2014-04-10
Medium

CVE-2013-6468

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or…

CVSS: 6.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-04-03
Medium

CVE-2014-0093

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be gr…

CVSS: 5.8 CWE: CWE-264 View on NVD