EUVD-2011-2499

Malware in sbrugna...

EUVD-2011-2498

Malware in sbrugna...

Arbitrary Code Execution

icedtea-web is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was discovered in the JNLP Java Network Launching Protocol implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box...

Debian DLA-1914-1 : icedtea-web security update

Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this fl...

[SECURITY] [DLA 1914-1] icedtea-web security update

Package : icedtea-web Version : 1.5.3-1+deb8u1 CVE ID : CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Debian Bug : 934319 Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web...

The vulnerability of the IcedTea-Web plugin, related to errors in processing JNLP files, allows a hacker to write any files into the device’s file system.

The vulnerability of the IcedTea-Web plugin is related to errors in processing JNLP files. Exploiting this vulnerability allows a remote attacker to write arbitrary files to the device’s file system using a specially created application...

IcedTea-Web Data Forgery Issue Vulnerability

IcedTea-Web is an open source implementation of JSR-56 Java Network Launching Protocol and API. IcedTea-Web suffers from a Data Forgery Issue vulnerability that arises from a failure of a network system or product to adequately verify the origin or authenticity of data. An attacker could exploit...

CVE-2011-2514

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

DEBIAN-CVE-2011-2514

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

CVE-2011-2514

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

CVE-2011-2513

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

Design/Logic Flaw

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

Design/Logic Flaw

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

CVE-2011-2513

CVE-2011-2513 affects IcedTea6/ IcedTea-Web: the JNLP implementation allows remote attackers to obtain the username and full paths of the home and cache directories by querying ClassLoader properties. Affected versions include IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x be...

CVE-2011-2513

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

Ubuntu Update for icedtea-web USN-1804-2

Check for the Version of icedtea-web OpenVAS Vulnerability Test $Id: gbubuntuUSN18042.nasl 8672 2018-02-05 16:39:18Z teissa $ Ubuntu Update for icedtea-web USN-1804-2 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Ubuntu: Security Advisory (USN-1804-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for icedtea-web RHSA-2011:1100-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

icedtea-web: home directory path disclosure to untrusted applications

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

CVE-2009-2719

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException via a crafted .jnlp file, as demonstrated by the jnlpfile/appletDesc/index.htmlmisc test in the Technology Compatibility Kit TCK for the Java...