Vulnerabilidades em IcedTea
5 resultadosCVE-2019-10185HIGHIt was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. EPSS 4.0%CVE-2019-10182HIGHIt was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could tEPSS 2.7%CVE-2010-2548—IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.EPSS 2.0%CVE-2010-2783—IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.EPSS 1.9%CVE-2019-10181MEDIUMIt was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising thEPSS 1.1%