This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2012-11-28
Product Openjdk Last view 2022-01-19
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:* 47
cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:* 41
cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:* 41
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:* 38
cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:* 37
cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:* 37
cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:* 36
cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:* 36
cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:* 36
cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:* 36
cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:* 36
cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:* 36
cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:* 36
cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:* 35
cpe:2.3:a:oracle:openjdk:-:*:*:*:*:*:*:* 34
cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:* 33
cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:* 33
cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:* 32
cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:* 32

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2022-01-19 CVE-2022-21366

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21365

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21360

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21349

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21340

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21305

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

5.3 2022-01-19 CVE-2022-21299

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21296

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

5.3 2022-01-19 CVE-2022-21294

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21293

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21291

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

5.3 2022-01-19 CVE-2022-21283

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2022-01-19 CVE-2022-21282

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

5.3 2022-01-19 CVE-2022-21277

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2022-01-19 CVE-2022-21248

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

3.7 2021-10-20 CVE-2021-35603

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.1 2021-10-20 CVE-2021-35588

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

5.3 2021-10-20 CVE-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2021-10-20 CVE-2021-35578

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

6.8 2021-10-20 CVE-2021-35567

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

5.3 2021-10-20 CVE-2021-35565

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2021-10-20 CVE-2021-35564

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

5.3 2021-10-20 CVE-2021-35561

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

7.5 2021-10-20 CVE-2021-35560

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

CWE : Common Weakness Enumeration

%idName
18% (3) CWE-755 Improper Handling of Exceptional Conditions
18% (3) CWE-502 Deserialization of Untrusted Data
18% (3) CWE-310 Cryptographic Issues
12% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
6% (1) CWE-787 Out-of-bounds Write
6% (1) CWE-476 NULL Pointer Dereference
6% (1) CWE-269 Improper Privilege Management
6% (1) CWE-125 Out-of-bounds Read
6% (1) CWE-20 Improper Input Validation

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:21079 RHSA-2013:0587: openssl security update (Moderate)
oval:org.mitre.oval:def:20786 VMware vSphere, ESX and ESXi updates to third party libraries
oval:org.mitre.oval:def:19608 Multiple OpenSSL vulnerabilities
oval:org.mitre.oval:def:19540 HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an...
oval:org.mitre.oval:def:19428 HP-UX Apache Web Server, Remote Denial of Service (DoS)
oval:org.mitre.oval:def:19424 HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an...
oval:org.mitre.oval:def:19016 OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1....
oval:org.mitre.oval:def:18841 HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Discl...
oval:org.mitre.oval:def:18565 DSA-2621-1 openssl - several vulnerabilities
oval:org.mitre.oval:def:18302 USN-1732-1 -- openssl vulnerabilities
oval:org.mitre.oval:def:23909 ELSA-2013:0587: openssl security update (Moderate)
oval:org.mitre.oval:def:23489 DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
oval:org.mitre.oval:def:24405 Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1...
oval:org.mitre.oval:def:24938 OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1....
oval:org.mitre.oval:def:26214 SUSE-SU-2013:0328-1 -- Security update for Java
oval:org.mitre.oval:def:25811 SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
oval:org.mitre.oval:def:25236 SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
oval:org.mitre.oval:def:27605 DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
oval:org.mitre.oval:def:27551 DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
oval:org.mitre.oval:def:19582 HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, a...
oval:org.mitre.oval:def:19565 HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, a...
oval:org.mitre.oval:def:16887 Unspecified vulnerability in the Java Runtime Environment (JRE) component in ...
oval:org.mitre.oval:def:25952 SUSE-SU-2013:1238-1 -- Security update for java-1_6_0-openjdk
oval:org.mitre.oval:def:25782 SUSE-SU-2013:1254-1 -- Security update for java-1_7_0-openjdk
oval:org.mitre.oval:def:23723 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6...

OpenVAS Exploits

id Description
2012-12-04 Name : Oracle Java SE Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_hash_collision_dos_vuln_win.nasl
2012-12-04 Name : Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_murmurhash_dos_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0105 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0053191
2013-A-0199 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0040786
2013-A-0181 Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE)
Severity: Category I - VMSKEY: V0040371
2013-A-0180 Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces...
Severity: Category I - VMSKEY: V0040372
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-A-0077 Multiple Vulnerabilities in OpenSSL
Severity: Category I - VMSKEY: V0037605

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java XML digital signature spoofing attempt
RuleID : 28157 - Type : BROWSER-PLUGINS - Revision : 3
2014-01-10 SSLv3 plaintext recovery attempt
RuleID : 25828 - Type : SERVER-OTHER - Revision : 4
2014-01-10 TLSv1.2 plaintext recovery attempt
RuleID : 25827 - Type : SERVER-OTHER - Revision : 4
2014-01-10 TLSv1.1 plaintext recovery attempt
RuleID : 25826 - Type : SERVER-OTHER - Revision : 4
2014-01-10 TLSv1.0 plaintext recovery attempt
RuleID : 25825 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-09-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1518.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL93600123.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-294.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-07-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3316.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-0732-1.nasl - Type: ACT_GATHER_INFO
2015-02-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201502-12.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_gnutls_20130924.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_nss_20140809.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_openssl_20130716.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote host has a library installed that is affected by an information di...
File: tivoli_directory_svr_swg21638270.nasl - Type: ACT_GATHER_INFO
2014-12-22 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10659.nasl - Type: ACT_GATHER_INFO
2014-12-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-772.nasl - Type: ACT_GATHER_INFO
2014-12-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-773.nasl - Type: ACT_GATHER_INFO
2014-12-12 Name: The remote host has an update manager installed that is affected by multiple ...
File: vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type: ACT_GATHER_INFO
2014-12-12 Name: The remote host has a virtualization management application installed that is...
File: vmware_vcenter_vmsa-2014-0012.nasl - Type: ACT_GATHER_INFO
2014-12-05 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_compat-openssl097g-141202.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2014-0007.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2014-0008.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2013-0636.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0413.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0414.nasl - Type: ACT_GATHER_INFO