Summary
Detail | |||
---|---|---|---|
Vendor | Hp | First view | 2013-09-23 |
Product | Icewall File Manager | Last view | 2018-07-30 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2018-07-30 | CVE-2016-9597 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. |
7.5 | 2016-05-17 | CVE-2016-3705 | The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. |
7.5 | 2016-05-17 | CVE-2016-3627 | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. |
5 | 2015-12-15 | CVE-2015-8317 | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. |
5.8 | 2015-12-15 | CVE-2015-8242 | The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
6.4 | 2015-12-15 | CVE-2015-8241 | The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
5 | 2015-12-15 | CVE-2015-7500 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. |
5 | 2015-12-15 | CVE-2015-7499 | Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. |
5 | 2015-12-15 | CVE-2015-7498 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. |
5 | 2015-12-15 | CVE-2015-7497 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. |
7.1 | 2015-12-15 | CVE-2015-5312 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. |
6.8 | 2015-11-18 | CVE-2015-7942 | The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. |
2.1 | 2013-09-23 | CVE-2013-4820 | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors. |
5 | 2013-09-23 | CVE-2013-4818 | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (8) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
16% (2) | CWE-674 | Uncontrolled Recursion |
8% (1) | CWE-399 | Resource Management Errors |
8% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
2017-05-23 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1366-1.nasl - Type: ACT_GATHER_INFO |
2017-03-22 | Name: A data aggregation application installed on the remote host is affected by mu... File: lce_4_8_1.nasl - Type: ACT_GATHER_INFO |
2017-02-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-244.nasl - Type: ACT_GATHER_INFO |
2017-02-06 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0380-1.nasl - Type: ACT_GATHER_INFO |
2017-01-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-37.nasl - Type: ACT_GATHER_INFO |
2016-12-21 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL54225343.nasl - Type: ACT_GATHER_INFO |
2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1604-1.nasl - Type: ACT_GATHER_INFO |
2016-08-29 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e195679d045b4953bb33be0073ba2ac6.nasl - Type: ACT_GATHER_INFO |
2016-07-15 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-719.nasl - Type: ACT_GATHER_INFO |
2016-06-24 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-1292.nasl - Type: ACT_GATHER_INFO |
2016-06-24 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-1292.nasl - Type: ACT_GATHER_INFO |
2016-06-24 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2016-0087.nasl - Type: ACT_GATHER_INFO |
2016-06-24 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20160623_libxml2_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2016-06-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-1292.nasl - Type: ACT_GATHER_INFO |
2016-06-17 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1538-1.nasl - Type: ACT_GATHER_INFO |
2016-06-17 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-734.nasl - Type: ACT_GATHER_INFO |
2016-06-17 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-733.nasl - Type: ACT_GATHER_INFO |
2016-06-07 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2994-1.nasl - Type: ACT_GATHER_INFO |
2016-06-06 | Name: The remote Debian host is missing a security update. File: debian_DLA-503.nasl - Type: ACT_GATHER_INFO |
2016-06-03 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3593.nasl - Type: ACT_GATHER_INFO |
2016-06-01 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-662.nasl - Type: ACT_GATHER_INFO |
2016-05-19 | Name: The remote AIX host is missing a vendor-supplied security patch. File: aix_U870330.nasl - Type: ACT_GATHER_INFO |
2016-05-19 | Name: The remote AIX host is missing a vendor-supplied security patch. File: aix_U868931.nasl - Type: ACT_GATHER_INFO |
2016-05-19 | Name: The remote AIX host is missing a vendor-supplied security patch. File: aix_U866671.nasl - Type: ACT_GATHER_INFO |