pkg:Debian/icedtea-web

All known vulnerabilities

• HIGH8.6CVE-2019-10185It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file.
  from 0, < 1.8.3-1
• HIGH8.1CVE-2019-10181icedtea-web - security update
  from 0, < 1.8.3-1
• HIGH8.1CVE-2019-10181icedtea-web - security update
  from 0, < 1.5.3-1+deb8u1
• HIGH7.5It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Orig…
  from 0
• MEDIUM6.5It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files.
  from 0, < 1.8.3-1
• —IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers t…
  from 0, < 1.6.1-1
• —IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets int…
  from 0, < 1.6.1-1
• —The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1…
  from 0, < 1.1-1
• —The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1…
  from 0, < 1.1.2-1
• —The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages b…
  from 0, < 1.4.2-1
• —openjdk-6 - several
  from 0, < 1.1.4-1
• —The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that valida…
  from 0, < 1.3.2-1
• —The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from diff…
  from 0, < 1.3.2-1
• —icedtea-web - heap-based buffer overflow
  from 0, < 1.3.1-1
• —icedtea-web - heap-based buffer overflow
  from 0, < 1.4-3~deb7u2
• —The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to…
  from 0, < 1.3-1
• —The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map ha…
  from 0, < 1.3-1