Skip to main content
CVE-2013-2465 CRITICAL POC KEV PATCH THREAT Act Now

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthenticated attackers to execute arbitrary code and escape security restrictions. Affects Oracle JRE 5.0 through Update 45, 6 through Update 45, 7 through Update 21, and OpenJDK 7. Confirmed actively exploited (CISA KEV) with 93.22% EPSS probability and publicly available exploit code. Oracle released patches in June 2013 CPU addressing the vulnerability through image channel verification corrections.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.2%
Threat
9.8
CVE-2013-2460 CRITICAL POC THREAT Emergency

Java Runtime Environment 7 Update 21 and earlier allows remote attackers to escape the Java sandbox and execute arbitrary code via insufficient access checks in the tracing/serviceability component. Publicly available exploit code exists for this medium-complexity network attack, which achieved a 92.14% EPSS score (100th percentile), indicating extremely high likelihood of exploitation. Oracle addressed this vulnerability in their June 2013 Critical Patch Update, though the exact nature of the serviceability component flaw was not fully disclosed by the vendor.

Java Oracle Authentication Bypass
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
92.1%
Threat
8.1
CVE-2013-2472 CRITICAL POC THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.4%.

Java Oracle Authentication Bypass Jre Jdk
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
54.4%
Threat
5.1
CVE-2013-2470 CRITICAL POC THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.4%.

Java Oracle Authentication Bypass Jre Jdk
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
54.4%
Threat
5.1
CVE-2013-2463 CRITICAL Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.7% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
44.7%
CVE-2013-2471 CRITICAL Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 40.1% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
40.1%
CVE-2013-2473 CRITICAL Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
30.9%
CVE-2013-2469 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.3% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
27.3%
CVE-2013-2459 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.5% and no vendor patch available.

Buffer Overflow Java Oracle Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
15.5%
CVE-2013-3644 CRITICAL Act Now

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

RCE Ichitaro Ichitaro Just School Ichitaro Portable Ichitaro Viewer
NVD
CVSS 2.0
10.0
EPSS
11.7%
CVE-2013-2466 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2013-2468 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2013-2464 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
6.9%
CVE-2013-3743 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
7.3%
CVE-2013-2462 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy