icedtea vulnerabilities and exploits
7.5
CVSSv3
CVE-2015-5236
It was found that IcedTea-Web used the codebase attribute of the <applet> tag on the HTML page that hosts a Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed a malicious site to bypass...
Icedtea-web Project Icedtea-web -
9.1
CVSSv3
CVE-2010-2548
IcedTea6 prior to 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
Redhat Icedtea6
9.1
CVSSv3
CVE-2010-2783
IcedTea6 prior to 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
Redhat Icedtea6
8.6
CVSSv3
CVE-2019-10185
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, ...
Icedtea-web Project Icedtea-web
Icedtea-web Project Icedtea-web 1.8.2
Debian Debian Linux 8.0
Opensuse Leap 15.0
1 Github repository
8.1
CVSSv3
CVE-2019-10181
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
Icedtea-web Project Icedtea-web
Icedtea-web Project Icedtea-web 1.8.2
Debian Debian Linux 8.0
Opensuse Leap 15.0
1 Github repository
6.5
CVSSv3
CVE-2019-10182
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the c...
Icedtea-web Project Icedtea-web
Icedtea-web Project Icedtea-web 1.8.2
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
1 Github repository
8.3
CVSSv3
CVE-2017-3512
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Su...
Oracle Jre 1.7.0
Oracle Jre 1.8.0
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Redhat Icedtea
NA
CVE-2015-5234
IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly sanitize applet URLs, which allows remote malicious users to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly relat...
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Redhat Icedtea 1.6
Redhat Icedtea
Fedoraproject Fedora 22
Fedoraproject Fedora 21
NA
CVE-2015-5235
IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly determine the origin of unsigned applets, which allows remote malicious users to bypass the approval process or trick users into approving applet execution via a crafted web page.
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Hpc Node 6
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Redhat Icedtea 1.6
Redhat Icedtea
NA
CVE-2011-2513
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x prior to 1.9.9 and prior to 1.8.9, and IcedTea-Web 1.1.x prior to 1.1.1 and prior to 1.0.4, allows remote malicious users to obtain the username and full path of the home and cache directories by accessin...
Redhat Icedtea-web 1.0.2
Redhat Icedtea-web
Redhat Icedtea-web 1.1
Redhat Icedtea-web 1.0.1
Redhat Icedtea-web 1.0
Redhat Icedtea6 1.9.2
Redhat Icedtea6 1.8.4
Redhat Icedtea6 1.9.6
Redhat Icedtea6 1.8.5
Redhat Icedtea6 1.8.3
Redhat Icedtea6 1.8.2
Redhat Icedtea6 1.8.1
Redhat Icedtea6 1.9.3
Redhat Icedtea6 1.9.4
Redhat Icedtea6 1.9.1
Redhat Icedtea6 1.8
Redhat Icedtea6 1.8.6
Redhat Icedtea6 1.9.5
Redhat Icedtea6 1.9.8
Redhat Icedtea6
Redhat Icedtea6 1.8.7
Redhat Icedtea6 1.9.7