Home/Product/oracle openjdk
Product

oracle openjdk

114 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-20952
>= 11 and < 11.0.24
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
7.4HIGH
 CVE-2023-21968
>= 11 and <= 11.0.18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supporte
3.7LOW
 CVE-2023-21967
< 8
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported ver
5.9MEDIUM
 CVE-2023-21954
< 8
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported
5.9MEDIUM
 CVE-2023-21939
< 8
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported ve
5.3MEDIUM
 CVE-2023-21938
< 8
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supporte
3.7LOW
 CVE-2023-21937
< 8
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Support
3.7LOW
 CVE-2023-21930
< 8
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported ver
7.4HIGH
 CVE-2022-21541
>= 11 and <= 11.0.15
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.9MEDIUM
 CVE-2022-21540
>= 11 and <= 11.0.15
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.3MEDIUM
 CVE-2022-34169
>= 11 and <= 11.0.15
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This c
7.5HIGH
 CVE-2022-21476
>= 11 and <= 11.0.14
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
7.5HIGH
 CVE-2022-21366
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
 CVE-2022-21365
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
 CVE-2022-21360
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
 CVE-2022-21349
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versio
5.3MEDIUM
 CVE-2022-21341
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Suppo
5.3MEDIUM
 CVE-2022-21340
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
 CVE-2022-21305
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.3MEDIUM
 CVE-2022-21299
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers
5.3MEDIUM
 CVE-2022-21296
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers
5.3MEDIUM
 CVE-2022-21294
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
 CVE-2022-21293
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
 CVE-2022-21291
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.3MEDIUM
 CVE-2022-21283
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
 CVE-2022-21282
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers
5.3MEDIUM
 CVE-2022-21277
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
 CVE-2022-21248
>= 11 and <= 11.0.13
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Suppo
3.7LOW
 CVE-2021-35603
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
3.7LOW
 CVE-2021-35588
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions
3.1LOW
 CVE-2021-35586
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions
5.3MEDIUM
 CVE-2021-35578
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
5.3MEDIUM
 CVE-2021-35567
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versio
6.8MEDIUM
 CVE-2021-35565
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
5.3MEDIUM
 CVE-2021-35564
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions
5.3MEDIUM
 CVE-2021-35561
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions
5.3MEDIUM
 CVE-2021-35560
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE:
7.5HIGH
 CVE-2021-35559
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions t
5.3MEDIUM
 CVE-2021-35556
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions t
5.3MEDIUM
 CVE-2021-35550
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
5.9MEDIUM
 CVE-2021-20264
all versions
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an
7.8HIGH
 CVE-2021-2388
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions
7.5HIGH
 CVE-2021-2369
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions
4.3MEDIUM
 CVE-2021-2341
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versi
3.1LOW
 CVE-2021-32553
all versions
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by
7.3HIGH
 CVE-2021-3522
all versions
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
5.5MEDIUM
 CVE-2021-3517
all versions
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a
8.6HIGH
 CVE-2021-3537
all versions
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,
5.9MEDIUM
 CVE-2021-2163
>= 11 and <= 11.0.10
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)
5.3MEDIUM
 CVE-2021-2161
>= 11 and <= 11.0.10
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)
5.9MEDIUM
 CVE-2020-14803
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 1
5.3MEDIUM
 CVE-2020-14798
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1LOW
 CVE-2020-14797
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14796
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1LOW
 CVE-2020-14792
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affecte
4.2MEDIUM
 CVE-2020-14782
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14781
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected a
3.7LOW
 CVE-2020-14779
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2020-14621
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
5.3MEDIUM
 CVE-2020-14593
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
7.4HIGH
 CVE-2020-14583
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3HIGH
 CVE-2020-14581
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2020-14579
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14578
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14577
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected a
3.7LOW
 CVE-2020-14556
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
4.8MEDIUM
 CVE-2020-2830
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are aff
5.3MEDIUM
 CVE-2020-2816
>= 11 and <= 11.0.6
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
7.5HIGH
 CVE-2020-2805
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3HIGH
 CVE-2020-2803
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3HIGH
 CVE-2020-2800
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions
4.8MEDIUM
 CVE-2020-2781
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected a
5.3MEDIUM
 CVE-2020-2778
>= 11 and <= 11.0.6
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
3.7LOW
 CVE-2020-2773
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
3.7LOW
 CVE-2020-2767
>= 11 and <= 11.0.6
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
4.8MEDIUM
 CVE-2020-2757
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2020-2756
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2020-2755
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affec
3.7LOW
 CVE-2020-2754
>= 11 and <= 11.0.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affec
3.7LOW
 CVE-2020-2659
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.7LOW
 CVE-2020-2654
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7
3.7LOW
 CVE-2020-2604
>= 11 and <= 11.0.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
8.1HIGH
 CVE-2020-2601
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
6.8MEDIUM
 CVE-2020-2593
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
4.8MEDIUM
 CVE-2020-2590
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
3.7LOW
 CVE-2020-2583
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2019-13117
all versions
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatIn
5.3MEDIUM
 CVE-2014-8873
all versions
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailca
 CVE-2014-2483
all versions
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect
 CVE-2014-2405
all versions
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and a
 CVE-2014-0462
all versions
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and a
 CVE-2014-1876
all versions
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8;
 CVE-2013-2461
all versions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 4
 CVE-2013-0169
all versions
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not
 CVE-2013-0431
all versions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, al
5.3MEDIUM
 CVE-2012-5373
<= 1.7.0
Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger
 CVE-2012-2739
<= 1.7.0
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restrictin
 CVE-2009-3884
all versions
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers t
 CVE-2009-3883
all versions
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java
 CVE-2009-3882
all versions
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and O
 CVE-2009-3881
all versions
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected
 CVE-2009-3880
all versions
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, an
 CVE-2009-3879
all versions
Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and
 CVE-2009-3728
all versions
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 befor
 CVE-2009-2690
all versions
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which
 CVE-2009-2689
all versions
JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to inst
 CVE-2009-2476
all versions
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce Open
 CVE-2009-2475
all versions
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive
 CVE-2009-1896
<= 1.6.0.0
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedo
 CVE-2009-0794
all versions
Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in
 CVE-2009-0793
all versions
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a deni
 CVE-2009-0733
<= 7
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used
 CVE-2009-0723
<= 7
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, all
 CVE-2009-0581
<= 7
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dep
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin