Lucene search
+L
RedhatIcedtea

9 matches found

CVE
CVE
•added 2017/04/24 7:0 p.m.•227 views

CVE-2017-3533

CVE-2017-3533 is an access restriction bypass in the Networking component (FTP client) of Oracle/OpenJDK Java SE. The newline-injection flaw in the FTP client could allow a remote attacker to manipulate FTP connections established by a Java application. Affected: Java SE/Embedded and JRockit vari...

4.3CVSS4.2AI score0.0258EPSS
CVE
CVE
•added 2017/04/24 7:0 p.m.•222 views

CVE-2017-3544

CVE-2017-3544 is a content spoofing vulnerability in the Networking component of Oracle/OpenJDK’s Java SE/Java SE Embedded/JRockit, specifically an SMTP newline-injection issue in the SMTP client. The connected documents establish that a remote attacker could exploit this via SMTP to manipulate S...

4.3CVSS4.3AI score0.01686EPSS
CVE
CVE
•added 2017/04/24 7:0 p.m.•211 views

CVE-2017-3539

CVE-2017-3539 (OpenJDK/JRE): A vulnerability in the Security component prevented jar integrity verification from enforcing a restricted algorithm set, allowing an attacker to modify content in a Jar file using weak signing keys or hashes. Affected: OpenJDK/OpenJDK Runtime/JDK with Java SE Securit...

3.1CVSS3.9AI score0.01993EPSS
CVE
CVE
•added 2017/04/24 7:0 p.m.•153 views

CVE-2017-3512

CVE-2017-3512 affects Oracle Java SE AWT with affected Java versions 7u131 and 8u121; exploitation requires network access and user interaction, with high impact across confidentiality, integrity and availability. IBM Netezza-related bulletins show remediation by upgrading IBM Java JRE to 8.0-5.4...

8.3CVSS8.2AI score0.028EPSS
CVE
CVE
•added 2011/01/20 6:0 p.m.•92 views

CVE-2010-4351

The CVE-2010-4351 issue affects IcedTea JDK/OpenJDK (IcedTea.so) prior to versions 1.7.7, 1.8.4, and 1.9.4, where JNLP SecurityManager’s checkPermission could return instead of throwing an exception in certain circumstances. This can allow context-dependent attackers to bypass the intended securi...

6.8CVSS8.8AI score0.02533EPSS
CVE
CVE
•added 2011/02/04 7:0 p.m.•89 views

CVE-2011-0025

CVE-2011-0025 describes a vulnerability in IcedTea where Java OpenJDK jar signature verification fails for jars that are partially signed or signed by multiple entities. A remote attacker could trick users into executing code from a trusted source. Affected releases include IcedTea 1.7 prior to 1...

6.8CVSS9AI score0.02578EPSS
CVE
CVE
•added 2015/10/09 2:0 p.m.•89 views

CVE-2015-5234

CVE-2015-5234 affects IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1. The root cause is improper sanitization of applet URLs stored in the .appletTrustSettings configuration, which could allow a crafted page to inject applets and bypass user approval to execute the applet. The vulnerability enab...

6.8CVSS6.8AI score0.02127EPSS
CVE
CVE
•added 2010/12/08 7:0 p.m.•83 views

CVE-2010-3860

The CVE-2010-3860 issue affects IcedTea JDK (based on OpenJDK 6): IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2 declare multiple sensitive variables as public, enabling remote disclosure of information such as user.name, user.home, and java.home properties. Root cause: pu...

5CVSS8.6AI score0.02999EPSS
CVE
CVE
•added 2015/10/09 2:0 p.m.•81 views

CVE-2015-5235

CVE-2015-5235 affects IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1, where the origin of unsigned applets is not properly determined, allowing remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. The issue is addressed in icedtea...

4.3CVSS6.5AI score0.03025EPSS