CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2548 – Gentoo Linux Security Advisory 201406-32
https://notcve.org/view.php?id=CVE-2010-2548
30 Jun 2014 — IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. IcedTea6 versiones anteriores a 1.7.4, no comprueba apropiadamente el acceso a la propiedad, lo que permite a aplicaciones sin firmar leer y escribir archivos arbitrarios. Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected. • http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2783 – Gentoo Linux Security Advisory 201406-32
https://notcve.org/view.php?id=CVE-2010-2783
30 Jun 2014 — IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. IcedTea6 versiones anteriores a 1.7.4, permite a aplicaciones sin firmar leer y escribir archivos arbitrarios, relacionados con Extended JNLP Services. Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected. • http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2011-2513 – icedtea-web: home directory path disclosure to untrusted applications
https://notcve.org/view.php?id=CVE-2011-2513
14 May 2014 — The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. La implementación Java Network Launching Protocol (JNLP) en IcedTea6 1.9.x anterior a 1.9.9 y anterior a 1.8.9 y IcedTea-Web 1.1.x anterior a 1.1.1 y anterior a 1.0.4, permite a atacantes remotos obtener el nombre... • http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-2514 – icedtea-web: Java Web Start security warning dialog manipulation
https://notcve.org/view.php?id=CVE-2011-2514
14 May 2014 — The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. La implementación Java Network Launching Protocol (JNLP) en IcedTea6 1.9.x anterior a 1.9.9 y anterior a 1.8.9 y IcedT... • http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 174EXPL: 0CVE-2012-1717 – OpenJDK: insecure temporary file permissions (JRE, 7143606)
https://notcve.org/view.php?id=CVE-2012-1717
16 Jun 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 4 y anteriores, 6 Update 32 y anteriores, 5 actualización 35 y anteriores, y v1.4.2_37 y anteriores permite ... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html • CWE-732: Incorrect Permission Assignment for Critical Resource •