Search CVE reports
111 – 120 of 243 results
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
1 affected package
icedtea-web
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the...
1 affected package
icedtea-web
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.
4 affected packages
icedtea-web, openjdk-6, openjdk-7, openjdk-8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
openjdk-6 | — | — | — | — |
openjdk-7 | — | — | — | — |
openjdk-8 | — | — | — | — |
Some fixes available: 3 of 4
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a...
1 affected package
icedtea-web
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4540. Reason: This candidate was MERGED into CVE-2012-4540, since it was later discovered that it affected an additional version, but it does not constitute...
1 affected package
icedtea-web
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
4 affected packages
openjdk-6, openjdk-7, icedtea-web, openjdk-6b18
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
openjdk-6 | — | — | — | — |
openjdk-7 | — | — | — | — |
icedtea-web | — | — | — | — |
openjdk-6b18 | — | — | — | — |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect...
4 affected packages
icedtea-web, openjdk-6, openjdk-6b18, openjdk-7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
openjdk-6 | — | — | — | — |
openjdk-6b18 | — | — | — | — |
openjdk-7 | — | — | — | — |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
4 affected packages
icedtea-web, openjdk-6, openjdk-6b18, openjdk-7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
openjdk-6 | — | — | — | — |
openjdk-6b18 | — | — | — | — |
openjdk-7 | — | — | — | — |
Some fixes available: 4 of 7
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
4 affected packages
icedtea-web, openjdk-6, openjdk-6b18, openjdk-7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
openjdk-6 | — | — | — | — |
openjdk-6b18 | — | — | — | — |
openjdk-7 | — | — | — | — |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
4 affected packages
icedtea-web, openjdk-6, openjdk-6b18, openjdk-7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
icedtea-web | — | — | — | — |
openjdk-6 | — | — | — | — |
openjdk-6b18 | — | — | — | — |
openjdk-7 | — | — | — | — |