Vulnerabilities > Oracle > JRE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-02-02 | CVE-2012-1541 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | 10.0 |
| 2013-01-31 | CVE-2013-1490 | Security Bypass vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. network oracle | 4.3 |
| 2013-01-31 | CVE-2013-0431 | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | 5.0 |
| 2013-01-14 | CVE-2012-3174 | Permissions, Privileges, and Access Controls vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. | 10.0 |
| 2013-01-10 | CVE-2013-0422 | Permissions, Privileges, and Access Controls vulnerability in Oracle JDK and JRE Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. | 10.0 |
| 2012-11-28 | CVE-2012-5373 | Cryptographic Issues vulnerability in Oracle Jdk, JRE and Openjdk Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. | 5.0 |
| 2012-11-28 | CVE-2012-2739 | Cryptographic Issues vulnerability in Oracle Jdk, JRE and Openjdk Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 5.0 |
| 2012-10-16 | CVE-2012-5089 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. | 7.6 |
| 2012-10-16 | CVE-2012-5088 | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 10.0 |
| 2012-10-16 | CVE-2012-5087 | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | 10.0 |