| Java (Oracle JDK) | Number Of NVD | 974 | CRITICAL | 37 | HIGH | 411 | MEDIUM | 412 | LOW | 114 |
| URL | https://java.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | Java is a programming language and computing platform that was first released by Sun Microsystems in 1995. Excerpt from [https://java.com/ja/download/faq/whatis_java.xml] Intermediate files compiled from source code can be executed on various platforms (operating systems) via the JVM (Java Virtual Machine). Since the JVM absorbs platform differences, the developer does not have to be aware of the platform. Java has played a major role in the spread of object-oriented languages. It is now used in many enterprise systems and is a required language for business. Because it compiles, it has the advantage of running faster than interpreted languages such as Python and PHP. Currently, it is managed by Oracle since Sun Microsystems was merged into Oracle. Oracle JDK (Java Development Kit): A collection of functions necessary for the development and execution of Java. JRE (Java Runtime Environment): A collection of items required to run Java. Java SE (Java Platform, Standard Edition): A collection of standard features for developing Java applications on desktops and servers. Java EE (Java Platform, Enterprise Edition): Java SE with additional enterprise features (required for web application development) Java ME (Java Platform, Micro Edition): A collection of features required for embedded crises and mobile devices in the IoT. Every six months a new Java SE is released, and every three years an LTS (Long Term Support) version is released. The current LTS is Oracle Java SE 11 and it is paid for. Starting with Java 11, the JRE is no longer distributed solely as a JRE. Java EE was donated to the Eclipse Foundation in 2017 to be open sourced, and has been developed as Jakarta EE since Java EE 9. LTS has Premier Support for 5 years after release and Extended Support for the next 3 years, for a total of 8 years of support. All versions other than LTS are entitled to Premier Support for six months after release. A free Open JDK will also be released, but support will expire every six months, increasing the burden of migration. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://www.oracle.com/java/technologies/java-se-support-roadmap.html | ||
| 2 | https://www.oracle.com/technetwork/jp/java/eol-135779-ja.html | ||
| 3 | http://jdk.java.net/ |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 911 | Oracle JDK 18 | March 1, 2022 | Sept. 30, 2022 | 0 | 3 | 5 | 0 | ||||
| 912 | Oracle JDK 17(LTS) | 17.0.8 | July 18, 2023 | Sept. 1, 2021 | Sept. 30, 2026 | Sept. 30, 2029 | 0 | 9 | 33 | 18 | |
| 913 | Oracle JDK 16 | March 1, 2021 | Sept. 30, 2021 | 0 | 1 | 4 | 0 | ||||
| 914 | Oracle JDK 15 | Sept. 1, 2020 | March 31, 2021 | 0 | 0 | 3 | 6 | ||||
| 915 | Oracle JDK 14 | March 1, 2020 | Sept. 30, 2020 | 0 | 5 | 8 | 9 | ||||
| 916 | Oracle JDK 13 | Sept. 1, 2019 | March 31, 2020 | 0 | 1 | 10 | 15 | ||||
| 917 | Oracle JDK 12 | March 1, 2019 | Sept. 30, 2019 | 0 | 1 | 7 | 3 | ||||
| 918 | Oracle JDK 11 (LTS) | 11.0.16 | July 19, 2022 | Sept. 1, 2018 | Sept. 30, 2023 | Sept. 30, 2026 | 1 | 17 | 67 | 55 | |
| 919 | Oracle JDK 10 | March 1, 2018 | Sept. 30, 2018 | 0 | 7 | 10 | 2 | ||||
| 920 | Oracle JDK 9 | Sept. 1, 2017 | March 31, 2018 | 0 | 5 | 14 | 1 | ||||
| 921 | Oracle JDK 8 (LTS) | March 1, 2014 | March 31, 2022 | Dec. 31, 2030 | 1 | 1 | 2 | 0 | |||
| 922 | Oracle JDK 7 (LTS) | July 1, 2011 | July 31, 2019 | July 31, 2022 | 0 | 2 | 2 | 0 | |||
| 923 | Oracle JDK 19 | 19 | 0 | 0 | 5 | 4 | |||||
| 924 | Oracle JDK - | - | 2 | 194 | 133 | 22 | |||||
| 925 | JDK 6 | 6.0 | Jan. 1, 2000 | 0 | 28 | 12 | 1 | ||||
| 926 | JDK 5 | 5.0 | Jan. 1, 2000 | 0 | 28 | 13 | 0 | ||||
| 927 | JDK 1.9 | 1.9.1 | Jan. 1, 2000 | 2 | 28 | 23 | 1 | ||||
| 928 | JDK 1.8 | 1.8.0 | Jan. 1, 2000 | 32 | 149 | 207 | 76 | ||||
| 929 | JDK 1.7 | 1.7.0 | Jan. 1, 2000 | 28 | 255 | 279 | 73 | ||||
| 930 | JDK 1.6 | 1.6.0.300 | Jan. 1, 2000 | 24 | 320 | 277 | 47 | ||||
| 931 | JDK 1.5 | 1.5.0.320 | Jan. 1, 2000 | 2 | 250 | 189 | 30 | ||||
| 932 | JDK 1.4 | 1.4.2_9 | Jan. 1, 2000 | 2 | 197 | 135 | 23 | ||||
| 933 | JDK 1.3 | 1.3.1_28 | Jan. 1, 2000 | 2 | 199 | 133 | 22 | ||||
| 934 | JDK 1.2 | 1.2.2 | Jan. 1, 2000 | 2 | 196 | 134 | 22 | ||||
| 935 | JDK 1.2 | 1.1.8 | Jan. 1, 2000 | 2 | 195 | 135 | 22 | ||||
| 936 | JDK 1.10 | 1.10.0 | Jan. 1, 2000 | 2 | 194 | 133 | 22 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 911 |
- 10.0 |
HIGH | Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows… |
CWE-264 NVD-CWE-noinfo Permissions, Privileges, and Access Controls |
CVE-2008-3107 |
cpe:2.3:a:sun:jdk:6:update_5 cpe:2.3:a:sun:jdk:6:update_4 cpe:2.3:a:sun:jdk:6:update_3 cpe:2.3:a:sun:jdk:6:upd… |
|
6 5.0 |
|
|
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm |
| 912 |
- 10.0 |
HIGH | Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers … |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2008-3108 |
cpe:2.3:a:sun:jdk:1.5.0:update9 cpe:2.3:a:sun:jdk:1.5.0:update8 cpe:2.3:a:sun:jdk:1.5.0:update7_b03 cpe:2.3:a:… |
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm | ||||
| 913 |
- 7.5 |
HIGH | Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrus… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2008-3109 |
cpe:2.3:a:sun:jdk:6:update_5 cpe:2.3:a:sun:jdk:6:update_4 cpe:2.3:a:sun:jdk:6:update_3 cpe:2.3:a:sun:jdk:6:upd… |
6 |
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm | |||
| 914 |
- 4.3 |
MEDIUM | Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2008-3110 |
cpe:2.3:a:sun:jdk:6:update_5 cpe:2.3:a:sun:jdk:6:update_4 cpe:2.3:a:sun:jdk:6:update_3 cpe:2.3:a:sun:jdk:6:upd… |
6 |
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm | |||
| 915 |
- 10.0 |
HIGH | Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain pri… |
CWE-20 CWE-119 Improper Input Validation Incorrect Access of Indexable Resource ('Range Error') |
CVE-2008-3111 |
cpe:2.3:a:sun:jdk:6:update_3 cpe:2.3:a:sun:jdk:6:update_2 cpe:2.3:a:sun:jdk:6:update_1 cpe:2.3:a:sun:jdk:5.0:u… |
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm | ||||
| 916 |
- 10.0 |
HIGH | Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arb… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2008-3112 |
cpe:2.3:a:sun:jdk:6:update_5 cpe:2.3:a:sun:jdk:6:update_4 cpe:2.3:a:sun:jdk:6:update_3 cpe:2.3:a:sun:jdk:6:upd… |
|
6 5.0 |
|
|
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm |
| 917 |
- 10.0 |
HIGH | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted … |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2008-3113 |
cpe:2.3:a:sun:jdk:5.0:update_9 cpe:2.3:a:sun:jdk:5.0:update_8 cpe:2.3:a:sun:jdk:5.0:update_7 cpe:2.3:a:sun:jdk… |
5.0 |
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm | |||
| 918 |
- 5.0 |
MEDIUM | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain … |
CWE-200 NVD-CWE-noinfo Information Exposure |
CVE-2008-3114 |
cpe:2.3:a:sun:jdk:6:update_5 cpe:2.3:a:sun:jdk:6:update_4 cpe:2.3:a:sun:jdk:6:update_3 cpe:2.3:a:sun:jdk:6:upd… |
|
6 5.0 |
|
|
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm |
| 919 |
- 7.5 |
HIGH | Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote at… |
CWE-16
Configuration |
CVE-2008-3115 |
cpe:2.3:a:sun:jdk:6:update_5 cpe:2.3:a:sun:jdk:6:update_4 cpe:2.3:a:sun:jdk:6:update_3 cpe:2.3:a:sun:jdk:6:upd… |
6 |
2026-04-23 09:35 2008-07-10 |
Show | GitHub Exploit DB Packet Storm | |||
| 920 |
- 9.3 |
HIGH | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attac… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2008-1185 |
cpe:2.3:a:sun:jdk:1.6.0:update_4 cpe:2.3:a:sun:jdk:1.6.0:update_3 cpe:2.3:a:sun:jdk:1.6.0:* cpe:2.3:a:sun:jdk:… |
2026-04-23 09:35 2008-03-7 |
Show | GitHub Exploit DB Packet Storm |