Vulnerabilities > Redhat > Icedtea > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-24 | CVE-2017-3544 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 4.3 |
2017-04-24 | CVE-2017-3533 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 4.3 |
2017-04-24 | CVE-2017-3512 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). | 5.1 |
2015-10-09 | CVE-2015-5235 | Improper Input Validation vulnerability in multiple products IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. | 4.3 |
2015-10-09 | CVE-2015-5234 | Improper Input Validation vulnerability in multiple products IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. | 6.8 |
2010-12-08 | CVE-2010-3860 | Information Exposure vulnerability in Redhat Icedtea IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | 5.0 |