Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Icedtea-web Project Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10182 2 Icedtea-web Project, Redhat 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-08-15 5.8 MEDIUM 6.5 MEDIUM
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.