Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icedtea vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2011-0706
The JNLPClassLoader class in IcedTea-Web prior to 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote malicious users to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Redhat Icedtea-web 1.0
Redhat Icedtea-web 1.0.1
Sun Jdk 1.6.0
5.8
CVSSv2
CVE-2019-10182
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the c...
Icedtea-web Project Icedtea-web
Icedtea-web Project Icedtea-web 1.8.2
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
1 Github repository
5
CVSSv2
CVE-2011-2513
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x prior to 1.9.9 and prior to 1.8.9, and IcedTea-Web 1.1.x prior to 1.1.1 and prior to 1.0.4, allows remote malicious users to obtain the username and full path of the home and cache directories by accessin...
Redhat Icedtea-web 1.1
Redhat Icedtea-web
Redhat Icedtea-web 1.0.2
Redhat Icedtea-web 1.0.1
Redhat Icedtea-web 1.0
Redhat Icedtea6 1.8.5
Redhat Icedtea6 1.8.4
Redhat Icedtea6 1.8.3
Redhat Icedtea6 1.8.2
Redhat Icedtea6 1.9.4
Redhat Icedtea6 1.9.5
Redhat Icedtea6 1.9.6
Redhat Icedtea6 1.9.7
Redhat Icedtea6 1.9.1
Redhat Icedtea6 1.9.3
Redhat Icedtea6 1.9.8
Redhat Icedtea6 1.8.7
Redhat Icedtea6 1.8
Redhat Icedtea6 1.9.2
Redhat Icedtea6
Redhat Icedtea6 1.8.6
Redhat Icedtea6 1.8.1
6.8
CVSSv2
CVE-2011-2514
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x prior to 1.9.9 and prior to 1.8.9, and IcedTea-Web 1.1.x prior to 1.1.1 and prior to 1.0.4, allows remote malicious users to trick victims into granting access to local files by modifying the content of t...
Redhat Icedtea-web
Redhat Icedtea-web 1.0.2
Redhat Icedtea-web 1.0.1
Redhat Icedtea-web 1.0
Redhat Icedtea-web 1.1
Redhat Icedtea6 1.9.5
Redhat Icedtea6 1.9.6
Redhat Icedtea6 1.9.7
Redhat Icedtea6 1.9.8
Redhat Icedtea6 1.8.4
Redhat Icedtea6 1.8.3
Redhat Icedtea6 1.8.2
Redhat Icedtea6 1.8.1
Redhat Icedtea6 1.9.2
Redhat Icedtea6 1.9.4
Redhat Icedtea6
Redhat Icedtea6 1.8.6
Redhat Icedtea6 1.9.1
Redhat Icedtea6 1.9.3
Redhat Icedtea6 1.8.7
Redhat Icedtea6 1.8.5
Redhat Icedtea6 1.8
5.1
CVSSv2
CVE-2017-3512
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Su...
Oracle Jdk 1.7.0
Oracle Jre 1.7.0
Oracle Jdk 1.8.0
Oracle Jre 1.8.0
Redhat Icedtea
6.8
CVSSv2
CVE-2015-5234
IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly sanitize applet URLs, which allows remote malicious users to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly relat...
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Server 6.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Redhat Icedtea
Redhat Icedtea 1.6
Fedoraproject Fedora 22
Fedoraproject Fedora 21
4.3
CVSSv2
CVE-2015-5235
IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly determine the origin of unsigned applets, which allows remote malicious users to bypass the approval process or trick users into approving applet execution via a crafted web page.
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Hpc Node 6
Redhat Enterprise Linux Workstation 6.0
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Redhat Icedtea
Redhat Icedtea 1.6
NA
CVE-2013-4349
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4540. Reason: This candidate was MERGED into CVE-2012-4540, since it was later discovered that it affected an additional version, but it does not constitute a regression error. Notes: All CVE users should ref...
5
CVSSv2
CVE-2011-3558
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and previous versions allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
Sun Jre 1.7.0
Sun Jdk 1.7.0
Sun Jre 1.6.0
Sun Jdk 1.6.0
Sun Jdk
Sun Jre
4.3
CVSSv2
CVE-2013-2449
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and previous versions, and OpenJDK 7, allows remote malicious users to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from t...
Oracle Jre 1.7.0
Oracle Jre
Oracle Jdk 1.7.0
Oracle Jdk
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »