Lucene search
+L

876 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.23 views

RHEL 6 : icedtea-web (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - icedtea-web: unsigned code injection in a signed JAR file CVE-2019-10181 - icedtea-web: directory travers...

8.3AI score0.04022EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/03/25 12:0 a.m.36 views

openSUSE Security Advisory (SUSE-SU-2024:0847-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS6.8AI score0.01026EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.17 views

Fedora: Security Advisory for icedtea-web (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.74 views

[SECURITY] Fedora 40 Update: icedtea-web-1.8.8-5.fc40

The IcedTea-Web project provides a free software implementation of Java Web Start, originally based on the NetX, project. IcedTea's NetX currently supports verification of signed jars, trusted certificate storing, system certificate store checking, and provides the services specified by the jnlp...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
OpenVAS
OpenVAS
added 2023/05/18 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2023:2238-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS6.7AI score0.02474EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2023:0720-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.8AI score0.01357EPSS
Exploits0References5
OSV
OSV
added 2023/03/14 12:3 p.m.7 views

SUSE-SU-2023:0720-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Updated to version jdk8u362 icedtea-3.26.0: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249. - CVE-2023-21843: Fixed soundbank URL remote loading bsc1207248...

5.3CVSS5.2AI score0.01357EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.39 views

Debian: Security Advisory (DLA-303-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.1AI score0.9986EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.6 views

SUSE CVE-2009-1896

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without th...

10CVSS7.8AI score0.03031EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.4 views

SUSE CVE-2010-2783

IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services...

9.1CVSS7.1AI score0.01938EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.4 views

SUSE CVE-2010-3860

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including 1 user.name, 2 user.home, and 3 java.home system properties, and other sensitive...

5CVSS6.8AI score0.02999EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.3 views

SUSE CVE-2010-4351

The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...

6.8CVSS6.9AI score0.02533EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.3 views

SUSE CVE-2011-0025

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that 1 are "partially signed" or 2 signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source...

6.8CVSS7.3AI score0.02578EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.4 views

SUSE CVE-2011-0706

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."...

7.5CVSS7.9AI score0.03086EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.5 views

SUSE CVE-2011-2513

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

5CVSS7AI score0.02497EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.6 views

SUSE CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

4.3CVSS7.5AI score0.02217EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.3 views

SUSE CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.5CVSS7.7AI score0.06172EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.3 views

SUSE CVE-2012-3422

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instancetoidmap hash is empty, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted web page, which causes an...

6.8CVSS7.8AI score0.03119EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.7 views

SUSE CVE-2012-4540

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly execute arbitrary cod...

6.8CVSS8.1AI score0.0344EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.3 views

SUSE CVE-2013-1927

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."...

6.8CVSS7.9AI score0.04323EPSS
Exploits0References7
Rows per page
Query Builder