Vulnerabilities > Icedtea WEB Project

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2015-5236 Insufficient Verification of Data Authenticity vulnerability in Icedtea-Web Project Icedtea-Web
It was discovered that IcedTea-Web used the codebase attribute of the <applet> tag on the HTML page that hosts the Java applet in the Same Origin Policy (SOP) checks.
network
low complexity
icedtea-web-project CWE-345
5.0
2019-07-31 CVE-2019-10185 Path Traversal vulnerability in multiple products
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file.
network
low complexity
icedtea-web-project debian opensuse CWE-22
8.6
2019-07-31 CVE-2019-10181 Insufficient Verification of Data Authenticity vulnerability in multiple products
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification.
network
high complexity
icedtea-web-project debian opensuse CWE-345
8.1
2019-07-31 CVE-2019-10182 Code Injection vulnerability in multiple products
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files.
network
low complexity
icedtea-web-project redhat CWE-94
6.5