Redhat

Icedtea

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.1

CVE-2017-3539

  • EPSS 0.73%
  • Published 24.04.2017 19:59:04
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthen...

4.3

CVE-2017-3544

  • EPSS 0.38%
  • Published 24.04.2017 19:59:04
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit...

8.3

CVE-2017-3512

  • EPSS 5.13%
  • Published 24.04.2017 19:59:03
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3

CVE-2017-3533

  • EPSS 0.65%
  • Published 24.04.2017 19:59:03
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit...

4.3

CVE-2015-5235

  • EPSS 0.94%
  • Published 09.10.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

6.8

CVE-2015-5234

  • EPSS 0.92%
  • Published 09.10.2015 14:59:01
  • Last modified 12.04.2025 10:46:40

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web ...

6.8

CVE-2011-0025

  • EPSS 2.55%
  • Published 04.02.2011 20:00:02
  • Last modified 11.04.2025 00:51:21

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code th...

6.8

CVE-2010-4351

  • EPSS 1.59%
  • Published 20.01.2011 19:00:06
  • Last modified 11.04.2025 00:51:21

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-de...

5

CVE-2010-3860

  • EPSS 1.53%
  • Published 08.12.2010 20:00:01
  • Last modified 11.04.2025 00:51:21

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and ...