15 matches found
MiracleLinux 4 : icedtea-web-1.6.2-1.0.1.AXS4 (AXSA:2016-504:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-504:01 advisory. The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start originally based on the Netx project and a settings...
CentOS 6 : icedtea-web (CESA-2016:0778)
An update for icedtea-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 6 : icedtea-web (RHSA-2016:0778)
An update for icedtea-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RedHat Update for icedtea-web RHSA-2016:0778-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: icedtea-web security, bug fix, and enhancement update
An update for icedtea-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Ubuntu: Security Advisory (USN-2817-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2817-1: IcedTea Web vulnerabilities
It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. CVE-2015-5234 Andrea Palazzo discovered that IcedTea Web incorrectly determined the orig...
Mageia: Security Advisory (MGASA-2015-0376)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
CVE-2015-5235
CVE-2015-5235 affects IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1, where the origin of unsigned applets is not properly determined, allowing remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. The issue is addressed in icedtea...
SUSE SLED12 Security Update : icedtea-web (SUSE-SU-2015:1682-1)
The Java IcedTea-Web Plugin was updated to 1.6.1 bringing various features, bug- and securityfixes. - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not t all. - fixed DownloadService -...
openSUSE: Security Advisory for icedtea-web (openSUSE-SU-2015:1595-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 21 : icedtea-web-1.6.1-1.fc21 (2015-15677)
update to security release of 1.6.1 http://mail.openjdk.java.net/pipermail /distro-pkg-dev/2015-September/033546.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and forma...
Updated icedtea-web packages fix security vulnerabilities
Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user...
icedtea-web: multiple issues
CVE-2015-5234 unexpected permanent authorization of unsigned applets It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed...