Redhat Icedtea6 vulnerabilities

6 known vulnerabilities affecting redhat/icedtea6.

Total CVEs: 6
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2010-2783 | CRITICAL | CVSS 9.1 | fixed in 1.7.4 | 2019-10-31
CVE-2010-2783 [CRITICAL] CWE-200: IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
nvd
CVE-2010-2548 | CRITICAL | CVSS 9.1 | fixed in 1.7.4 | 2019-10-31
CVE-2010-2548 [CRITICAL] CWE-863: IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
nvd
CVE-2011-2513 | MEDIUM | CVSS 5.0 | ≤ 1.8.8, v1.8 (+15 more) | 2014-05-14
CVE-2011-2513 [MEDIUM] CWE-200: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
nvd
CVE-2011-2514 | MEDIUM | CVSS 6.8 | ≤ 1.8.8, v1.8 (+15 more) | 2014-05-14
CVE-2011-2514 [MEDIUM] CWE-264: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the
nvd
CVE-2012-1723 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 1.10.8 | ≥ 1.11.0, < 1.11.3 | 2012-06-16
CVE-2012-1723 [CRITICAL] CWE-284: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
nvd
CVE-2012-1717 | LOW | CVSS 2.1 | fixed in 1.10.8 | ≥ 1.11.0, < 1.11.3 | 2012-06-16
CVE-2012-1717 [LOW]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
nvd