RSS   Vulnerabilities for 'Icedtea'   RSS

2017-04-24
 
CVE-2017-3544

CWE-284
 

 
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

 
 
CVE-2017-3539

CWE-284
 

 
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

 
 
CVE-2017-3533

CWE-284
 

 
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

 
 
CVE-2017-3512

CWE-284
 

 
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

 
2015-10-09
 
CVE-2015-5235

CWE-20
 

 
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

 
 
CVE-2015-5234

CWE-20
 

 
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

 
2011-02-04
 
CVE-2011-0025

CWE-20
 

 
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

 
2011-01-20
 
CVE-2010-4351

CWE-264
 

 
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

 
2010-12-08
 
CVE-2010-3860

CWE-200
 

 
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

 

 >>> Vendor: Redhat 277 Products
Linux
Enterprise linux
Enterprise linux desktop
Linux powertools
Tmpwatch
Stronghold
Redhat package manager
Docbook stylesheets
Docbook utils
Pre-execution environment
Interchange
Linux advanced workstation
Rhmask
LV
Tcpdump
Analog real-time synthesizer
Kdebase
Kdelibs
Kdelibs devel
Kdelibs sound
Kdelibs sound devel
Wu ftpd
Daredevil skk
Ddskk-xemacs
Up2date
Pam smb
Sendmail
Kernel
Rsync
Bigmem kernel
Kernel doc
Kernel source
Openssl
Sysstat
Gdk pixbuf
LHA
Fedora core
Libpng
Sysreport
Open iscsi
Cluster suite
Network satelite server
Fedora
Conga
Mcstrans
Certificate server
Cairo
Network satellite server
Cygwin
Directory server
Fedora directory server
Nfs utils
Desktop
Enterprise linux desktop workstation
Desktop workstation
Fedora 8
Certificate system
Vsftpd
Adminutil
Enterprise ipa
Freeipa
Jboss enterprise application platform
Initscripts
CMAN
dogtag certificate system
Cluster project
Gfs2-utils
Rgmanager
Dogtag certificate system
Enterprise mrg
Spacewalk-java
Enterprise virtualization
Qspice
KVM
Network satellite
Yum-rhn-plugin
Enterprise virtualization hypervisor
Enterprise virtualization manager
Jboss enterprise service bus
Jboss enterprise soa platform
Evince
Spice-xpi
Spice-activex
LUCI
Icedtea
Jboss enterprise web platform
Jboss remoting
Icedtea-web
Policycoreutils
Libvirt
Jboss seam 2 framework
Policykit
System-config-firewall
System-config-printer
Jboss operations network
Automatic bug reporting tool
SOS
Dtach
Jboss community application server
Mod cluster
See all Products for Vendor Redhat


Copyright 2019, cxsecurity.com

 

Back to Top