pkg:Debian/icedtea-web

共 17 筆 CVEHIGH4MEDIUM1

✅ 檢查你的版本

所有已知漏洞

  • HIGH8.6CVE-2019-10185It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file.
    from 0, < 1.8.3-1
  • HIGH8.1CVE-2019-10181icedtea-web - security update
    from 0, < 1.8.3-1
  • HIGH8.1CVE-2019-10181icedtea-web - security update
    from 0, < 1.5.3-1+deb8u1
  • HIGH7.5CVE-2015-5236It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Orig…
    from 0
  • MEDIUM6.5CVE-2019-10182It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files.
    from 0, < 1.8.3-1
  • CVE-2015-5235IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers t…
    from 0, < 1.6.1-1
  • CVE-2015-5234IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets int…
    from 0, < 1.6.1-1
  • CVE-2011-2514The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1…
    from 0, < 1.1-1
  • CVE-2011-2513The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1…
    from 0, < 1.1.2-1
  • CVE-2013-6493The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages b…
    from 0, < 1.4.2-1
  • CVE-2011-3377openjdk-6 - several
    from 0, < 1.1.4-1
  • CVE-2013-1927The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that valida…
    from 0, < 1.3.2-1
  • CVE-2013-1926The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from diff…
    from 0, < 1.3.2-1
  • CVE-2012-4540icedtea-web - heap-based buffer overflow
    from 0, < 1.3.1-1
  • CVE-2012-4540icedtea-web - heap-based buffer overflow
    from 0, < 1.4-3~deb7u2
  • CVE-2012-3423The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to…
    from 0, < 1.3-1
  • CVE-2012-3422The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map ha…
    from 0, < 1.3-1