Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Workstation Extension 12 package java-1_7_0-openjdk-plugin, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2015-5234 — CVSS 6.8 (medium): IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets…
CVE-2015-5235 — CVSS 4.3 (medium): IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers…