icedtea
OSS Librariesoss-project
Top products
Latest CVEs
The 5 most recently published vulnerabilities affecting icedtea.
- CVE-2010-2783IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.9.1
- CVE-2010-2548IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.9.1
- CVE-2019-10181It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw...8.1
- CVE-2019-10182It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted applicatio...8.2
- CVE-2019-10185It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitra...8.6