Summary
Detail | | | |
---|---|---|---|
Vendor | Redhat | First view | 2012-11-11 |
Product | Icedtea-Web | Last view | 2014-03-03 |
Version | 1.3 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:redhat:icedtea-web | | |
Activity : Overall
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
2.1 | 2014-03-03 | CVE-2013-6493 | The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. |
6.8 | 2013-04-29 | CVE-2013-1927 | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." |
5.8 | 2013-04-29 | CVE-2013-1926 | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. |
6.8 | 2012-11-11 | CVE-2012-4540 | Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-200 | Information Exposure |
50% (1) | CWE-189 | Numeric Errors |
OpenVAS Exploits
Date | Description |
---|---|
2012-11-15 | Name : Fedora Update for icedtea-web FEDORA-2012-17745 File : nvt/gb_fedora_2012_17745_icedtea-web_fc16.nasl |
2012-11-15 | Name : Fedora Update for icedtea-web FEDORA-2012-17762 File : nvt/gb_fedora_2012_17762_icedtea-web_fc17.nasl |
2012-11-09 | Name : CentOS Update for icedtea-web CESA-2012:1434 centos6 File : nvt/gb_CESA-2012_1434_icedtea-web_centos6.nasl |
2012-11-09 | Name : RedHat Update for icedtea-web RHSA-2012:1434-01 File : nvt/gb_RHSA-2012_1434-01_icedtea-web.nasl |
2012-11-09 | Name : Ubuntu Update for icedtea-web USN-1625-1 File : nvt/gb_ubuntu_USN_1625_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-09-23 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-602.nasl - Type: ACT_GATHER_INFO |
2014-06-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-797.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-371.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-372.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-373.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-439.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-733.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-176.nasl - Type: ACT_GATHER_INFO |
2014-03-20 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_icedtea-web-140304.nasl - Type: ACT_GATHER_INFO |
2014-03-07 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2131-1.nasl - Type: ACT_GATHER_INFO |
2013-10-06 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2768.nasl - Type: ACT_GATHER_INFO |
2013-10-04 | Name: The remote Fedora host is missing a security update. File: fedora_2013-17016.nasl - Type: ACT_GATHER_INFO |
2013-10-03 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_icedtea-web-130924.nasl - Type: ACT_GATHER_INFO |
2013-09-23 | Name: The remote Fedora host is missing a security update. File: fedora_2013-16971.nasl - Type: ACT_GATHER_INFO |
2013-09-21 | Name: The remote Fedora host is missing a security update. File: fedora_2013-17026.nasl - Type: ACT_GATHER_INFO |
2013-07-18 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_icedtea-web-130702.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2013-0753.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-1434.nasl - Type: ACT_GATHER_INFO |
2013-06-02 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_icedtea-web-130517.nasl - Type: ACT_GATHER_INFO |
2013-04-29 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_icedtea-web-130419.nasl - Type: ACT_GATHER_INFO |
2013-04-26 | Name: The remote Fedora host is missing a security update. File: fedora_2013-5877.nasl - Type: ACT_GATHER_INFO |
2013-04-24 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1804-2.nasl - Type: ACT_GATHER_INFO |
2013-04-20 | Name: The remote Fedora host is missing a security update. File: fedora_2013-5925.nasl - Type: ACT_GATHER_INFO |
2013-04-19 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1804-1.nasl - Type: ACT_GATHER_INFO |