14 matches found

RedhatCVE
added 2025/10/22 1:13 p.m., 8 views

CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

6.5 CVSS, 6.8 AI score, 0.00126 EPSS
Exploits 1, References 1

EUVD
added 2025/10/21 12:0 a.m., 5 views

EUVD-2025-35198

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

6.3 AI score, 0.00126 EPSS
Exploits 1, References 2

OSV
added 2022/04/19 9:10 a.m., 3 views

SUSE-SU-2022:1259-1 Security update for icedtea-web

This update for icedtea-web fixes the following issues: - CVE-2019-10181: Fixed an issue where an attacker could inject unsigned code in a signed JAR file bsc1142835. - CVE-2019-10182: Fixed a path traversal issue where an attacker could upload arbitrary files by tricking a victim into running a...

8.6 CVSS, 8.1 AI score, 0.01417 EPSS
Exploits 0, References 7

Tenable Nessus
added 2020/08/28 12:0 a.m., 57 views

EulerOS 2.0 SP8 : icedtea-web (EulerOS-SA-2020-1856)

According to the versions of the icedtea-web package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising th...

8.6 CVSS, 7.3 AI score, 0.01417 EPSS
Exploits 0, References 4

Tenable Nessus
added 2019/09/16 12:0 a.m., 34 views

EulerOS 2.0 SP5 : icedtea-web (EulerOS-SA-2019-1905)

According to the versions of the icedtea-web package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use thi...

8.6 CVSS, 7.3 AI score, 0.01417 EPSS
Exploits 0, References 4

Tenable Nessus
added 2019/09/10 12:0 a.m., 27 views

Debian DLA-1914-1 : icedtea-web security update

Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this fl...

8.6 CVSS, 7.3 AI score, 0.01417 EPSS
Exploits 0, References 5

OpenVAS
added 2019/09/10 12:0 a.m., 89 views

Debian: Security Advisory (DLA-1914-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS, 7.6 AI score, 0.01417 EPSS
Exploits 0, References 3

Debian
added 2019/09/09 7:46 p.m., 92 views

[SECURITY] [DLA 1914-1] icedtea-web security update

Package : icedtea-web Version : 1.5.3-1+deb8u1 CVE ID : CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Debian Bug : 934319 Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web...

8.6 CVSS, 8.3 AI score, 0.01417 EPSS
Exploits 0

Mageia
added 2019/09/06 9:9 p.m., 34 views

Updated icedtea-web packages fix security vulnerabilities

Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The cod...

8.6 CVSS, 2.3 AI score, 0.01417 EPSS
Exploits 0, References 3

Veracode
added 2019/08/05 12:16 a.m., 19 views

Directory Traversal

icedtea-web is vulnerable to directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite...

8.6 CVSS, 3.9 AI score, 0.01417 EPSS
Exploits 0, References 13, Affected Software 1

Prion
added 2019/07/31 11:15 p.m., 15 views

Code injection

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break o...

6.4 CVSS, 8.4 AI score, 0.01417 EPSS
Exploits 0, References 8, Affected Software 3

UbuntuCve
added 2019/07/31 11:15 p.m., 22 views

CVE-2019-10185

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break o...

8.6 CVSS, 7.2 AI score, 0.01417 EPSS
Exploits 0, References 5

Cvelist
added 2019/07/31 9:50 p.m., 16 views

CVE-2019-10185

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break o...

8.2 CVSS, 8.4 AI score, 0.01417 EPSS
Exploits 0, References 8

RedHat Linux
added 2019/07/31 7:26 p.m., 2 views

icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite

It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox...

8.6 CVSS, 5.8 AI score, 0.01417 EPSS
Exploits 0, References 4