Vulnerabilities > Icedtea WEB Project

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-07	CVE-2015-5236	Insufficient Verification of Data Authenticity vulnerability in Icedtea-Web Project Icedtea-Web It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. network low complexity icedtea-web-project CWE-345	5.0
2019-07-31	CVE-2019-10185	Path Traversal vulnerability in multiple products It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. network low complexity icedtea-web-project debian opensuse CWE-22	8.6
2019-07-31	CVE-2019-10181	Insufficient Verification of Data Authenticity vulnerability in multiple products It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. network high complexity icedtea-web-project debian opensuse CWE-345	8.1
2019-07-31	CVE-2019-10182	Code Injection vulnerability in multiple products It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. network low complexity icedtea-web-project redhat CWE-94	6.5

Vulnerabilities > Icedtea WEB Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Icedtea WEB Project"}]}