Icedtea-web Project Icedtea-web — known CVE vulnerabilities
Every CVE whose affected-product data names Icedtea-web Project Icedtea-web, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-10185 — CVSS 8.6 (high): It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file…
CVE-2019-10182 — CVSS 8.2 (high): It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could…
CVE-2019-10181 — CVSS 8.1 (high): It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising…
CVE-2015-5236 — CVSS 7.5 (high): It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same…