Red Hat IcedTea-Web 1.2.1

CPE Details

Red Hat IcedTea-Web 1.2.1
redhat
icedtea-web
1.2.1
2012-11-12
20h31 +00:00
2013-05-08
12h48 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

icedtea-web

Version

1.2.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2013-6493 2014-03-03 15h00 +00:00 The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
2.1
CVE-2013-1926 2013-04-29 20h00 +00:00 The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
5.8
CVE-2013-1927 2013-04-29 20h00 +00:00 The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
6.8
CVE-2012-4540 2012-11-11 10h00 +00:00 Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
6.8