Max CVSS | 7.5 | Min CVSS | 5.8 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-1927 | 6.8 |
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." Per http://www.ubuntu.com/usn/USN-1804-1/ "A security issue
|
30-10-2018 - 16:27 | 29-04-2013 - 22:55 | |
CVE-2013-1926 | 5.8 |
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets vi
|
30-10-2018 - 16:27 | 29-04-2013 - 22:55 | |
CVE-2012-3422 | 6.8 |
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
|
04-10-2014 - 04:53 | 07-08-2012 - 21:55 | |
CVE-2012-3423 | 7.5 |
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a cr
|
04-10-2014 - 04:53 | 07-08-2012 - 21:55 |