Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).
Max CVSS
4.7
EPSS Score
0.36%
Published
2018-01-18
Updated
2023-11-21
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
Max CVSS
4.7
EPSS Score
0.09%
Published
2019-10-16
Updated
2022-09-30
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
Max CVSS
4.7
EPSS Score
0.04%
Published
2024-02-17
Updated
2024-02-20
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Max CVSS
4.6
EPSS Score
0.06%
Published
2013-04-17
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-01-15
Updated
2022-05-13
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
Max CVSS
4.5
EPSS Score
0.12%
Published
2018-01-18
Updated
2023-11-21
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.25%
Published
2007-06-30
Updated
2018-10-26
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Max CVSS
4.3
EPSS Score
0.73%
Published
2013-02-02
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original researcher has an established history of releasing vulnerability reports that have been fixed by vendors. NOTE: this issue also exists in SE 6, but it cannot be exploited without a separate vulnerability.
Max CVSS
4.3
EPSS Score
0.28%
Published
2013-01-31
Updated
2013-02-04
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.
Max CVSS
4.3
EPSS Score
0.64%
Published
2013-04-17
Updated
2022-05-13
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Max CVSS
4.3
EPSS Score
90.44%
Published
2013-06-18
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Max CVSS
4.3
EPSS Score
0.87%
Published
2013-04-17
Updated
2017-09-19

CVE-2013-2423

Known exploited
Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
Max CVSS
4.3
EPSS Score
97.50%
Published
2013-04-17
Updated
2017-09-19
CISA KEV Added
2022-05-25
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
Max CVSS
4.3
EPSS Score
0.65%
Published
2013-04-17
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.
Max CVSS
4.3
EPSS Score
0.73%
Published
2013-06-18
Updated
2017-09-19
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Max CVSS
4.3
EPSS Score
0.92%
Published
2013-10-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
Max CVSS
4.3
EPSS Score
0.62%
Published
2013-10-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Max CVSS
4.3
EPSS Score
0.88%
Published
2013-10-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
Max CVSS
4.3
EPSS Score
0.73%
Published
2013-10-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Max CVSS
4.3
EPSS Score
0.98%
Published
2013-10-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Max CVSS
4.3
EPSS Score
1.45%
Published
2014-04-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.
Max CVSS
4.3
EPSS Score
0.12%
Published
2014-04-16
Updated
2022-05-09
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.
Max CVSS
4.3
EPSS Score
0.12%
Published
2014-04-16
Updated
2022-05-09
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Max CVSS
4.3
EPSS Score
0.55%
Published
2014-04-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Max CVSS
4.3
EPSS Score
0.69%
Published
2014-07-17
Updated
2022-05-13
105 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!