VYPR
Vendor

AdoptOpenJDK

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2019-10185HigJul 31, 2019
    risk 0.00cvss 8.6epss 0.04

    It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and,…

  • CVE-2019-10181HigJul 31, 2019
    risk 0.00cvss 8.1epss 0.01

    It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

  • CVE-2019-10182HigJul 31, 2019
    risk 0.00cvss 8.2epss 0.03

    It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the…