| Max CVSS | 6.8 | Min CVSS | 5.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10181 | 6.8 |
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be e
|
12-02-2023 - 23:33 | 31-07-2019 - 23:15 | |
| CVE-2019-10182 | 5.8 |
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbi
|
12-02-2023 - 23:33 | 31-07-2019 - 22:15 | |
| CVE-2019-10185 | 6.4 |
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the
|
12-02-2023 - 23:33 | 31-07-2019 - 23:15 |