CVE-2010-2783

< 1.7.4

IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

9.1CRITICAL

CVE-2010-2548

< 1.7.4

IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.

9.1CRITICAL

CVE-2017-3544

< 3.4.0

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions

3.7LOW

CVE-2017-3539

< 3.4.0

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a

3.1LOW

CVE-2017-3533

< 3.4.0

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions

3.7LOW

CVE-2017-3512

< 3.4.0

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u

8.3HIGH

CVE-2016-0695

<= 2.6.6

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack

5.9MEDIUM

CVE-2016-0636

<= 2.6.6

Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and

8.1HIGH

CVE-2015-5235

<= 1.5.2

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote at

CVE-2015-5234

<= 1.5.2

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject ap

CVE-2011-2514

<= 1.0.3

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x b

CVE-2011-2513

<= 1.0.3

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x b

CVE-2013-6493

<= 1.3.2

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the m

CVE-2011-3377

all versions

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin

CVE-2013-1927

<= 1.2.2

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file th

CVE-2013-1926

<= 1.2.2

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but

CVE-2012-4540

all versions

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2,

CVE-2012-3423

<= 1.2

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote atta

CVE-2012-3422

<= 1.2

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_

CVE-2012-1723

< 1.10.8

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 an

9.8CRITICAL

CVE-2012-1717

< 1.10.8

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 an

CVE-2011-0706

all versions

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to ga

CVE-2011-0025

all versions

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "p

CVE-2010-4351

all versions

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns

CVE-2010-3860

<= 1.9.1

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variabl