Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Veracode
Veracodeadded 2020/04/10 1:1 a.m.21 views

Arbitrary Code Execution

icedtea-web is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was discovered in the JNLP Java Network Launching Protocol implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box...

6.8CVSS2.9AI score0.00878EPSS
Exploits0References10Affected Software1
Veracode
Veracodeadded 2020/04/10 12:37 a.m.30 views

Spoofing Attack

ibm java is vulnerable to spoofing attack. A remote attacker is able to trick a user into trusting a signed applet by misrepresenting the security warning dialog...

4.3CVSS3.6AI score0.03473EPSS
Exploits0References33Affected Software1
NVD
NVDadded 2014/05/14 12:55 a.m.24 views

CVE-2011-2514

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

6.8CVSS6.3AI score0.00878EPSS
Exploits0References8
OSV
OSVadded 2014/05/14 12:55 a.m.6 views

CVE-2011-2514

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

6.3AI score
Exploits0References9
Prion
Prionadded 2014/05/14 12:55 a.m.16 views

Design/Logic Flaw

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

6.8CVSS6.9AI score0.00878EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessusadded 2011/07/28 12:0 a.m.25 views

Ubuntu 10.04 LTS / 10.10 / 11.04 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1178-1)

Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties. This could allow a remote attacker to discover a user's name and home directory path...

6.8CVSS5.5AI score0.00878EPSS
Exploits0References3
Prion
Prionadded 2009/03/25 11:30 p.m.23 views

Spoofing

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

4.3CVSS6.7AI score0.03473EPSS
Exploits0References30
Cvelist
Cvelistadded 2009/03/25 11:0 p.m.35 views

CVE-2009-1107

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

7.1AI score0.03473EPSS
Exploits0References30
Rows per page
Query Builder