The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Oracle JRE

Oracle Java JRE: code execution via 2D
An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on his computer...
BID-58296, c03714148, c03725347, c03735640, CERTA-2013-AVI-163, CVE-2013-0809, FEDORA-2013-3467, FEDORA-2013-3468, HPSBUX02857, HPSBUX02864, HPSBUX02867, IC90659, KLYH95CMCJ, MDVSA-2013:021, MDVSA-2013:095, openSUSE-SU-2013:0430-1, openSUSE-SU-2013:0438-1, openSUSE-SU-2013:0509-1, RHSA-2013:0600-01, RHSA-2013:0601-01, RHSA-2013:0602-01, RHSA-2013:0603-01, RHSA-2013:0604-01, RHSA-2013:0605-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101103, SSRT101156, SUSE-SU-2013:0434-1, SUSE-SU-2013:0701-1, SUSE-SU-2013:0701-2, SUSE-SU-2013:0710-1, swg21627634, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12481, VU#688246, ZDI-13-148
Oracle Java JRE: code execution via 2D
An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on his computer...
BID-58238, c03714148, c03725347, c03735640, CERTA-2013-AVI-163, CVE-2013-1493, FEDORA-2013-3467, FEDORA-2013-3468, HPSBUX02857, HPSBUX02864, HPSBUX02867, IC90659, KLYH95CMCJ, MDVSA-2013:021, MDVSA-2013:095, openSUSE-SU-2013:0430-1, openSUSE-SU-2013:0438-1, openSUSE-SU-2013:0509-1, RHSA-2013:0600-01, RHSA-2013:0601-01, RHSA-2013:0602-01, RHSA-2013:0603-01, RHSA-2013:0604-01, RHSA-2013:0605-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101103, SSRT101156, SUSE-SU-2013:0434-1, SUSE-SU-2013:0701-1, SUSE-SU-2013:0701-2, SUSE-SU-2013:0710-1, swg21627634, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12478, VU#688246, ZDI-13-142, ZDI-13-149
Oracle JRE, JDK: several vulnerabilities
Several vulnerabilities of Oracle JRE and JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-57778, BID-58027, BID-58028, BID-58029, BID-58031, c03714148, c03735640, CERTA-2013-AVI-142, CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, FEDORA-2013-2764, FEDORA-2013-2813, HPSBUX02857, HPSBUX02867, IC90659, javacpufeb2013update, KLYH95CMCJ, MDVSA-2013:014, MDVSA-2013:095, openSUSE-SU-2013:0375-1, openSUSE-SU-2013:0378-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SB10041, SSRT101103, SUSE-SU-2013:0328-1, SUSE-SU-2013:0440-1, SUSE-SU-2013:0440-4, SUSE-SU-2013:0440-6, SUSE-SU-2013:0456-1, SUSE-SU-2013:0456-2, SUSE-SU-2013:0456-3, SUSE-SU-2013:0456-4, SUSE-SU-2013:0701-2, swg21627634, swg21633311, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12437, ZDI-13-040, ZDI-13-041, ZDI-13-042
TLS, DTLS: information disclosure in CBC mode, Lucky 13
An attacker can inject wrongly encrypted messages in a TLS/DTLS session in mode CBC, and measure the delay before the error message reception, in order to progressively guess the clear content of the session...
1639354, 1643316, 1672363, BID-57736, BID-57774, BID-57776, BID-57777, BID-57778, BID-57780, BID-57781, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-109, CERTA-2013-AVI-339, CERTA-2013-AVI-454, CERTA-2013-AVI-543, CERTA-2013-AVI-657, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-286, CERTFR-2019-AVI-311, CERTFR-2019-AVI-325, CVE-2013-0169, CVE-2013-1619, CVE-2013-1620, CVE-2013-1621, CVE-2013-1622-REJECT, CVE-2013-1623, CVE-2013-1624, DLA-1518-1, DSA-2621-1, DSA-2622-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, ESXi410-201307001, ESXi410-201307401-SG, ESXi510-201401101-SG, FEDORA-2013-2110, FEDORA-2013-2128, FEDORA-2013-2764, FEDORA-2013-2793, FEDORA-2013-2813, FEDORA-2013-2834, FEDORA-2013-2892, FEDORA-2013-2929, FEDORA-2013-2984, FEDORA-2013-3079, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, GNUTLS-SA-2013-1, HPSBUX02856, HPSBUX02909, IC90385, IC90395, IC90396, IC90397, IC90660, IC93077, JSA10575, JSA10580, JSA10759, JSA10939, Lucky 13, MDVSA-2013:014, MDVSA-2013:018, MDVSA-2013:019, MDVSA-2013:040, MDVSA-2013:050, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2013:0807-1, openSUSE-SU-2016:0640-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0587-01, RHSA-2013:0588-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1135-01, RHSA-2013:1144-01, RHSA-2013:1181-01, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0371-01, RHSA-2014:0372-01, RHSA-2014:0896-01, RHSA-2015:1009, SOL14190, SOL15630, SSA:2013-040-01, SSA:2013-042-01, SSA:2013-242-01, SSA:2013-242-03, SSA:2013-287-03, SSA-556833, SSRT101104, SSRT101289, SUSE-SU-2013:0328-1, SUSE-SU-2014:0320-1, SUSE-SU-2014:0322-1, swg21633669, swg21638270, swg21639354, swg21640169, VIGILANCE-VUL-12374, VMSA-2013-0006.1, VMSA-2013-0007.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2, VMSA-2013-0009.3, VMSA-2013-0015
Oracle JRE, JDK, JavaFX: several vulnerabilities
Several vulnerabilities of Oracle JRE, JDK and JavaFX can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
1677352, BID-57670, BID-57681, BID-57682, BID-57683, BID-57684, BID-57685, BID-57686, BID-57687, BID-57688, BID-57689, BID-57690, BID-57691, BID-57692, BID-57693, BID-57694, BID-57695, BID-57696, BID-57697, BID-57699, BID-57700, BID-57701, BID-57702, BID-57703, BID-57704, BID-57705, BID-57706, BID-57707, BID-57708, BID-57709, BID-57710, BID-57711, BID-57712, BID-57713, BID-57714, BID-57715, BID-57716, BID-57717, BID-57718, BID-57719, BID-57720, BID-57721, BID-57722, BID-57723, BID-57724, BID-57725, BID-57726, BID-57727, BID-57728, BID-57729, BID-57730, BID-57731, c03714148, c03725347, c03735640, CERTA-2013-AVI-092, CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-3342, CVE-2012-4301, CVE-2012-4305, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0436, CVE-2013-0437, CVE-2013-0438, CVE-2013-0439, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0447, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1472, CVE-2013-1473, CVE-2013-1474, CVE-2013-1475, CVE-2013-1476, CVE-2013-1477, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1481, CVE-2013-1482, CVE-2013-1483, CVE-2013-1489, FEDORA-2013-1898, FEDORA-2013-2188, FEDORA-2013-2197, FEDORA-2013-2205, FEDORA-2013-2209, HPSBUX02857, HPSBUX02864, HPSBUX02867, IC90659, javacpufeb2013, MDVSA-2013:010, MDVSA-2013:095, openSUSE-SU-2013:0308-1, openSUSE-SU-2013:0312-1, openSUSE-SU-2013:0377-1, RHSA-2013:0236-01, RHSA-2013:0237-01, RHSA-2013:0245-01, RHSA-2013:0246-01, RHSA-2013:0247-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SE-2012-01, SSRT101103, SSRT101156, SUSE-SU-2013:0315-1, SUSE-SU-2013:0440-1, SUSE-SU-2013:0440-2, SUSE-SU-2013:0440-3, SUSE-SU-2013:0440-4, SUSE-SU-2013:0440-6, SUSE-SU-2013:0456-1, SUSE-SU-2013:0456-2, SUSE-SU-2013:0456-3, SUSE-SU-2013:0456-4, swg21627634, swg21633311, swg21633669, swg21633674, swg21645096, swg21645100, VIGILANCE-VUL-12368, VU#858729, ZDI-13-010, ZDI-13-011, ZDI-13-012, ZDI-13-013, ZDI-13-022, ZDI-13-023
Oracle Java JRE: code execution via MethodHandle
An attacker can create a malicious applet, using MethodHandle and sun.misc.reflect.Trampoline, in order to execute arbitrary Java code...
BID-57312, CVE-2012-3174, FEDORA-2013-0853, FEDORA-2013-0868, FEDORA-2013-0888, MDVSA-2013:095, openSUSE-SU-2013:0199-1, RHSA-2013:0156-01, RHSA-2013:0165-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, SUSE-SU-2013:0440-1, swg21627634, swg21645096, swg21645100, VIGILANCE-VUL-12328, ZDI-13-002
Oracle Java JRE: code execution via MBeanInstantiator
An attacker can create an applet using a JMX MBean, to bypass the security manager, in order to execute arbitrary Java code...
BID-57246, CERTA-2013-ALE-001, CVE-2013-0422, FEDORA-2013-0853, FEDORA-2013-0868, FEDORA-2013-0888, MDVSA-2013:095, openSUSE-SU-2013:0199-1, RHSA-2013:0156-01, RHSA-2013:0165-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, SUSE-SU-2013:0440-1, swg21627634, swg21645096, swg21645100, VIGILANCE-VUL-12324, VU#625617
Java JRE/JDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
SE-2012-01, VIGILANCE-VUL-12169
Java JRE/JDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-55501, BID-55538, BID-56025, BID-56033, BID-56039, BID-56043, BID-56046, BID-56051, BID-56054, BID-56055, BID-56056, BID-56057, BID-56058, BID-56059, BID-56061, BID-56063, BID-56065, BID-56067, BID-56070, BID-56071, BID-56072, BID-56075, BID-56076, BID-56079, BID-56080, BID-56081, BID-56082, BID-56083, c03595351, CERTA-2012-AVI-576, CERTA-2012-AVI-746, CERTA-2013-AVI-094, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-4420, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089, CVE-2012-5979-ERROR, DSECRG-12-039, ESX350-201302401-SG, FEDORA-2012-16346, FEDORA-2012-16351, IC89804, javacpuoct2012, MDVSA-2012:169, openSUSE-SU-2012:1419-1, openSUSE-SU-2012:1423-1, openSUSE-SU-2012:1424-1, RHSA-2012:1384-01, RHSA-2012:1385-01, RHSA-2012:1386-01, RHSA-2012:1391-01, RHSA-2012:1392-01, RHSA-2012:1465-01, RHSA-2012:1466-01, RHSA-2012:1467-01, RHSA-2012:1485-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SUSE-SU-2012:1398-1, SUSE-SU-2012:1489-1, SUSE-SU-2012:1489-2, SUSE-SU-2012:1490-1, SUSE-SU-2012:1588-1, SUSE-SU-2012:1595-1, swg21621958, swg21621959, VIGILANCE-VUL-12072, VMSA-2013-0001.2, VMSA-2013-0003
Java JRE: memory reading via Arrays.fill
When a Java application uses an integer array, and the Arrays.fill() method, the array memory area is not initialized to zero by the JRE, so an attacker can obtain a fragment memory...
7196857, BID-55501, BID-55538, c03595351, CERTA-2012-AVI-746, CVE-2012-4416, CVE-2012-4420, FEDORA-2012-16346, FEDORA-2012-16351, MDVSA-2012:169, openSUSE-SU-2012:1419-1, openSUSE-SU-2012:1423-1, openSUSE-SU-2012:1424-1, RHSA-2012:1384-01, RHSA-2012:1385-01, RHSA-2012:1386-01, RHSA-2012:1391-01, RHSA-2012:1392-01, VIGILANCE-VUL-11929
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle JRE: