Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:redhat:icedtea-web:1.2.2:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-6493 |
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. Published: March 03, 2014; 11:55:04 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1927 |
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." Published: April 29, 2013; 6:55:08 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-1926 |
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. Published: April 29, 2013; 6:55:08 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |