CVE-2019-10185

HIGH Year: 2019
CVSS v3 Score
8.2
High
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.

Related Vulnerabilities

CVE-2017-2627

HIGH
CVSS:8.2(High)

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. I...

CWE-222017

CVE-2018-1000863

HIGH
CVSS:8.2(High)

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improp...

CWE-222018

CVE-2019-11608

HIGH
CVSS:8.2(High)

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive informatio...

CWE-222019

CVE-2019-11609

HIGH
CVSS:8.2(High)

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information ...

CWE-222019

CVE-2021-27278

HIGH
CVSS:8.2(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code ...

CWE-222021

CVE-2021-27473

HIGH
CVSS:8.2(High)

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly ...

CWE-222021