Vulmon
redhat icedtea vulnerabilities and exploits
7.5
CVSSv2
CVE-2012-3423
The IcedTea-Web plugin prior to 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote malicious users to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Redhat Icedtea-web 1.1
Redhat Icedtea-web
Redhat Icedtea-web 1.0
7.5
CVSSv2
CVE-2011-0706
The JNLPClassLoader class in IcedTea-Web prior to 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote malicious users to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Redhat Icedtea-web 1.0
Redhat Icedtea-web 1.0.1
Sun Jdk 1.6.0
6.8
CVSSv2
CVE-2015-5234
IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly sanitize applet URLs, which allows remote malicious users to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly relat...
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Redhat Icedtea 1.6
Redhat Icedtea
Fedoraproject Fedora 22
Fedoraproject Fedora 21
6.8
CVSSv2
CVE-2011-2514
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x prior to 1.9.9 and prior to 1.8.9, and IcedTea-Web 1.1.x prior to 1.1.1 and prior to 1.0.4, allows remote malicious users to trick victims into granting access to local files by modifying the content of t...
Redhat Icedtea-web 1.0.2
Redhat Icedtea-web
Redhat Icedtea-web 1.1
Redhat Icedtea-web 1.0.1
Redhat Icedtea-web 1.0
Redhat Icedtea6 1.9.2
Redhat Icedtea6 1.8.4
Redhat Icedtea6 1.9.6
Redhat Icedtea6 1.8.5
Redhat Icedtea6 1.8.3
Redhat Icedtea6 1.8.2
Redhat Icedtea6 1.8.1
Redhat Icedtea6 1.9.3
Redhat Icedtea6 1.9.4
Redhat Icedtea6 1.9.1
Redhat Icedtea6 1.8
Redhat Icedtea6 1.8.6
Redhat Icedtea6 1.9.5
Redhat Icedtea6 1.9.8
Redhat Icedtea6
Redhat Icedtea6 1.8.7
Redhat Icedtea6 1.9.7
6.8
CVSSv2
CVE-2012-4540
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x prior to 1.1.7, 1.2.x prior to 1.2.2, 1.3.x prior to 1.3.1, and 1.4.x prior to 1.4.1 allows remote malicious users to obtain sensitive information, cause a denial of service (crash), ...
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Redhat Icedtea-web 1.2.1
Redhat Icedtea-web 1.1.4
Redhat Icedtea-web 1.1.1
Redhat Icedtea-web 1.1.2
Redhat Icedtea-web 1.2
Redhat Icedtea-web 1.1.6
Redhat Icedtea-web 1.3
Redhat Icedtea-web 1.1
Redhat Icedtea-web 1.1.5
Redhat Icedtea-web 1.1.3
6.8
CVSSv2
CVE-2012-3422
The getFirstInTableInstance function in the IcedTea-Web plugin prior to 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web...
Redhat Icedtea-web 1.1
Redhat Icedtea-web
Redhat Icedtea-web 1.0
6.8
CVSSv2
CVE-2011-0025
IcedTea 1.7 prior to 1.7.8, 1.8 prior to 1.8.5, and 1.9 prior to 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote malicious users to trick users into executing code that appea...
Redhat Icedtea 1.9.3
Redhat Icedtea 1.8.1
Redhat Icedtea 1.9.4
Redhat Icedtea 1.7.7
Redhat Icedtea 1.7.2
Redhat Icedtea 1.8.3
Redhat Icedtea 1.8
Redhat Icedtea 1.7.3
Redhat Icedtea 1.7.5
Redhat Icedtea 1.8.4
Redhat Icedtea 1.7.4
Redhat Icedtea 1.7.6
Redhat Icedtea 1.8.2
Redhat Icedtea 1.7.1
Redhat Icedtea 1.9.2
Redhat Icedtea 1.9
Redhat Icedtea 1.9.1
Redhat Icedtea 1.7
6.8
CVSSv2
CVE-2010-4351
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 prior to 1.7.7, 1.8 prior to 1.8.4, and 1.9 prior to 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent malicious users ...
Redhat Icedtea 1.7
Redhat Icedtea 1.7.1
Redhat Icedtea 1.7.2
Redhat Icedtea 1.7.3
Redhat Icedtea 1.7.4
Redhat Icedtea 1.7.5
Redhat Icedtea 1.7.6
Redhat Icedtea 1.8
Redhat Icedtea 1.8.1
Redhat Icedtea 1.8.2
Redhat Icedtea 1.8.3
Redhat Icedtea 1.9
Redhat Icedtea 1.9.1
Redhat Icedtea 1.9.2
Redhat Icedtea 1.9.3
6.4
CVSSv2
CVE-2010-2783
IcedTea6 prior to 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
Redhat Icedtea6
6.4
CVSSv2
CVE-2010-2548
IcedTea6 prior to 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
Redhat Icedtea6