Icewall Federation Agent

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-30	CVE-2016-9597	Uncontrolled Recursion vulnerability in multiple products It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. network low complexity canonical xmlsoft debian hp opensuse CWE-674	7.5
2018-02-15	CVE-2017-8945	Open Redirect vulnerability in HP Icewall Federation Agent 3.0 A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. network low complexity hp CWE-601	6.1
2016-09-26	CVE-2016-6306	Out-of-bounds Read vulnerability in multiple products The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. network high complexity openssl hp novell nodejs debian canonical CWE-125	5.9
2016-09-16	CVE-2016-2182	Out-of-bounds Write vulnerability in multiple products The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. network low complexity hp openssl oracle CWE-787 critical	9.8
2016-06-09	CVE-2016-4448	Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. network low complexity hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134 critical	9.8
2016-06-09	CVE-2016-4447	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. network low complexity hp canonical debian oracle apple xmlsoft mcafee CWE-119	7.5
2016-05-17	CVE-2016-3705	Improper Input Validation vulnerability in multiple products The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. network low complexity canonical xmlsoft debian hp opensuse CWE-20	7.5
2016-05-17	CVE-2016-3627	Uncontrolled Recursion vulnerability in multiple products The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. network low complexity opensuse debian hp xmlsoft canonical redhat oracle CWE-674	7.5