rpm package
suse/icedtea-web&distro=SUSE Linux Enterprise Module for Package Hub 15 SP3
pkg:rpm/suse/icedtea-web&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10181 | — | | | < 1.7.2-150100.7.3.1 | 1.7.2-150100.7.3.1 | Jul 31, 2019 | It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. |
| CVE-2019-10182 | — | | | < 1.7.2-150100.7.3.1 | 1.7.2-150100.7.3.1 | Jul 31, 2019 | It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context |
| CVE-2019-10185 | — | | | < 1.7.2-150100.7.3.1 | 1.7.2-150100.7.3.1 | Jul 31, 2019 | It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, |