Skip to main content
CVE-2013-2465 CRITICAL POC KEV PATCH THREAT Act Now

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthenticated attackers to execute arbitrary code and escape security restrictions. Affects Oracle JRE 5.0 through Update 45, 6 through Update 45, 7 through Update 21, and OpenJDK 7. Confirmed actively exploited (CISA KEV) with 93.22% EPSS probability and publicly available exploit code. Oracle released patches in June 2013 CPU addressing the vulnerability through image channel verification corrections.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.2%
Threat
9.8
CVE-2013-2460 CRITICAL POC THREAT Emergency

Java Runtime Environment 7 Update 21 and earlier allows remote attackers to escape the Java sandbox and execute arbitrary code via insufficient access checks in the tracing/serviceability component. Publicly available exploit code exists for this medium-complexity network attack, which achieved a 92.14% EPSS score (100th percentile), indicating extremely high likelihood of exploitation. Oracle addressed this vulnerability in their June 2013 Critical Patch Update, though the exact nature of the serviceability component flaw was not fully disclosed by the vendor.

Java Oracle Authentication Bypass
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
92.1%
Threat
8.1
CVE-2013-2472 CRITICAL POC THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.4%.

Java Oracle Authentication Bypass Jre Jdk
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
54.4%
Threat
5.1
CVE-2013-2470 CRITICAL POC THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.4%.

Java Oracle Authentication Bypass Jre Jdk
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
54.4%
Threat
5.1
CVE-2013-2461 HIGH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 70.9% and no vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +2
NVD
CVSS 2.0
7.5
EPSS
70.9%
CVE-2013-2463 CRITICAL Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.7% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
44.7%
CVE-2013-2471 CRITICAL Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 40.1% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
40.1%
CVE-2013-2473 CRITICAL Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
30.9%
CVE-2013-2469 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.3% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
27.3%
CVE-2013-1571 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.6%.

Code Injection Java Oracle Jdk Jre +1
NVD
CVSS 2.0
4.3
EPSS
26.6%
CVE-2013-2459 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.5% and no vendor patch available.

Buffer Overflow Java Oracle Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
15.5%
CVE-2013-3644 CRITICAL Act Now

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

RCE Ichitaro Ichitaro Just School Ichitaro Portable Ichitaro Viewer
NVD
CVSS 2.0
10.0
EPSS
11.7%
CVE-2013-2466 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2013-2468 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2013-2464 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
6.9%
CVE-2013-3743 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
7.3%
CVE-2013-2462 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
3.9%
CVE-2013-2442 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
7.5
EPSS
8.3%
CVE-2013-2445 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
7.8
EPSS
6.7%
CVE-2013-2458 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Epss exploitation probability 15.4% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
5.8
EPSS
15.4%
CVE-2013-2448 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
7.6
EPSS
5.1%
CVE-2013-2454 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
5.8
EPSS
8.6%
CVE-2013-2407 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
6.4
EPSS
5.4%
CVE-2013-2467 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.9). No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-3646 MEDIUM This Month

The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Google Information Disclosure Cybozu Live
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-3647 MEDIUM This Month

The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Cybozu Live
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-2457 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2013-3744 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
5.8%
CVE-2013-2450 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2013-2444 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier;. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
5.0
EPSS
4.9%
CVE-2013-4616 MEDIUM This Month

The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-2453 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
4.5%
CVE-2013-2455 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2013-2452 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2013-2447 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2013-2443 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2013-2437 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2013-2400 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.7%
CVE-2013-2446 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.4%
CVE-2013-2456 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.4%
CVE-2013-2412 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.4%
CVE-2013-1203 MEDIUM This Month

Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service (device reload) via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Asa Cx Context Aware Security Software
NVD
CVSS 2.0
5.4
EPSS
0.6%
CVE-2013-2449 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
4.3
EPSS
2.5%
CVE-2013-3927 MEDIUM This Month

Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Siemens Information Disclosure Comos
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-2451 LOW Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect. Rated low severity (CVSS 3.7). No vendor patch available.

Java Oracle Microsoft Information Disclosure Jre +1
NVD
CVSS 2.0
3.7
EPSS
0.1%
CVE-2013-1500 LOW Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
3.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy