Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jdk vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-25141
Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a...
Apache Sling Jcr Base
7.5
CVSSv3
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz up to and including 6.0.0 allows malicious users to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Harfbuzz Project Harfbuzz
Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update t...
Apache Xalan-java
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Jre 17.0.3.1
Oracle Jre 18.0.1.1
Oracle Jre 11.0.15.1
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Oracle Jdk 17.0.3.1
Oracle Jdk 18.0.1.1
Oracle Jdk 11.0.15.1
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Graalvm 20.3.6
Oracle Graalvm 21.3.2
Oracle Graalvm 22.1.0
Oracle Openjdk 8
Oracle Openjdk 7
Oracle Openjdk 18
Oracle Openjdk
Fedoraproject Fedora 35
Fedoraproject Fedora 36
3 Github repositories
7.5
CVSSv3
CVE-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerabilit...
Oracle Graalvm 21.3.1
Oracle Graalvm 22.0.0.2
Oracle Jdk 18
Oracle Jdk 17.0.2
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Cloud Insights -
Netapp E-series Santricity Storage Manager -
Netapp E-series Santricity Web Services -
Netapp Solidfire \\& Hci Management Node -
Netapp Santricity Unified Manager -
Netapp Hci Compute Node -
Netapp 7-mode Transition Tool -
Netapp Active Iq Unified Manager -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp E-series Santricity Os Controller 11.0
Azul Zulu 15.38
Azul Zulu 17.32
Azul Zulu 18.28
24 Github repositories
1 Article
7.5
CVSSv3
CVE-2022-21476
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Eas...
Oracle Graalvm 20.3.5
Oracle Graalvm 21.3.1
Oracle Graalvm 22.0.0.2
Oracle Jdk 18
Oracle Jdk 17.0.2
Oracle Jdk 11.0.14
Oracle Jdk 8.0
Oracle Jdk 7.0
Netapp Element Software -
Netapp Oncommand Insight -
Netapp E-series Santricity Storage Manager -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Santricity Unified Manager -
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Os Controller
Netapp Cloud Insights Acquisition Unit -
Netapp Cloud Secure Agent -
Netapp Bootstrap Os -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allow...
Oracle Graalvm 20.3.2
Oracle Graalvm 21.1.0
Oracle Jdk 1.8.0
Oracle Jdk 11.0.11
Oracle Jdk 16.0.1
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-2816
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of t...
Oracle Jdk 14.0.0
Oracle Jre 14.0.0
Oracle Jdk 11.0.6
Oracle Jre 11.0.6
Oracle Openjdk 8
Oracle Openjdk 7
Oracle Openjdk 14
Oracle Openjdk
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp Snapmanager -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Storagegrid
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager
Netapp 7-mode Transition Tool -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Os Controller
Netapp E-series Santricity Web Services -
Netapp Plug-in For Symantec Netbackup -
Netapp Santricity Unified Manager -
7.5
CVSSv3
CVE-2012-4420
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). ...
Oracle Jdk 7.0
7.5
CVSSv3
CVE-2019-2602
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with netw...
Oracle Jdk 11.0.2
Oracle Jdk 12
Oracle Jre 11.0.2
Oracle Jre 12
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Satellite 5.8
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Aus 8.4
7.5
CVSSv3
CVE-2019-10245
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
Eclipse Openj9
Redhat Satellite 5.8
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Workstation 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »