20 matches found
RHEL 6 : icedtea-web (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - icedtea-web: unsigned code injection in a signed JAR file CVE-2019-10181 - icedtea-web: directory travers...
openSUSE: Security Advisory for icedtea-web (SUSE-SU-2022:1259-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : icedtea-web (SUSE-SU-2022:1259-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1259-1 advisory. - It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a...
Mageia: Security Advisory (MGASA-2019-0242)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202107-51 : IcedTeaWeb: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202107-51 IcedTeaWeb: Multiple vulnerabilities Multiple vulnerabilities have been discovered in IcedTeaWeb. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...
Huawei EulerOS: Security Advisory for icedtea-web (EulerOS-SA-2020-1856)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : icedtea-web (EulerOS-SA-2020-1856)
According to the versions of the icedtea-web package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising th...
icedtea security update
CentOS Errata and Security Advisory CESA-2019:2003 An update for icedtea-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Huawei EulerOS: Security Advisory for icedtea-web (EulerOS-SA-2019-1905)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1914-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1914-1] icedtea-web security update
Package : icedtea-web Version : 1.5.3-1+deb8u1 CVE ID : CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Debian Bug : 934319 Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web...
openSUSE Security Update : icedtea-web (openSUSE-2019-1911)
This update for icedtea-web to version 1.7.2 fixes the following issues : Security issues fixed : - CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file bsc1142835 - CVE-2019-10182: Fixed a path traversal while processing elements of JNLP files results in arbitrary file overwrite...
openSUSE: Security Advisory for icedtea-web (openSUSE-SU-2019:1911-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for icedtea-web (important)
openSUSE Security Update: Security update for icedtea-web Announcement ID: openSUSE-SU-2019:1911-1 Rating: important References: 1142825 1142832 1142835 Cross-References: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities ...
Oracle Linux 8 : icedtea-web (ELSA-2019-2004)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2004 advisory. - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 Tenable...
Oracle Linux 7 : icedtea-web (ELSA-2019-2003)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2003 advisory. - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 Tenable...
icedtea-web security update
1.7.1-16 - Added Patch5, testTuning.patch to make tests pass inclean envirnment - Resolves: rhbz1724958 1.7.1-16 - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 - Resolves: rhbz1724958 - Resolves:...
CVE-2019-10185
The connected Nessus entries confirm CVE-2019-10185 affects icedtea-web up to and including 1.7.2 and 1.8.2, with a zip-slip vulnerability during auto-extraction of a JAR that can write files to arbitrary locations and potentially break out of the sandbox. This is tied to multiple advisories (e.g...
Important: Red Hat Security Advisory: icedtea-web security update
An update for icedtea-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
icedtea-web security update
1.7.2-16 - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 - Resolves: rhbz1724958 - Resolves: rhbz1725928 - Resolves: rhbz1724989...