VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Icedtea WEB Project
>
Icedtea WEB
> 1.6
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2019-07-31
CVE-2019-10185
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file.
network
low complexity
icedtea-web-project
debian
opensuse
8.6
8.6
2019-07-31
CVE-2019-10181
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification.
network
high complexity
icedtea-web-project
debian
opensuse
8.1
8.1
2019-07-31
CVE-2019-10182
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files.
network
low complexity
icedtea-web-project
redhat
6.5
6.5