CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28623
https://notcve.org/view.php?id=CVE-2022-28623
08 Jul 2022 — Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. Unas vulnerabilidades de seguridad en HPE IceWall SSO versión 10.0 certd, podrían ser explotadas de forma remota para permitir una inyección de SQL o una inyección de ... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04330en_us • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2021-26582
https://notcve.org/view.php?id=CVE-2021-26582
15 Apr 2021 — A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). Una vulnerabilidad de seguridad en el módulo HPE IceWall SSO Domain Gateway Option (Dgfw) versión 10.0 en RHEL 5/6/7, versión 10.0 en HP-UX 11i versión v3, versión 10.0 en Windows y 11.0 en Windows, podría ser explotado remotamente para permitir ataques de tipo cro... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7140
https://notcve.org/view.php?id=CVE-2020-7140
08 Jul 2020 — A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess Una vulnerabilidad de seguridad en HPE IceWall SSO Dfw y Dgfw (Domain Gateway Option) podría ser explotada remotamente para causar una vulnerabilidad de tipo cross-site scripting (XSS). HPE ha proporcionado l... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04011en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2019-11989
https://notcve.org/view.php?id=CVE-2019-11989
19 Jul 2019 — A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7. Una vulnerabilidad de seguridad en IceWall SSO Agent Option... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-8989
https://notcve.org/view.php?id=CVE-2017-8989
06 Aug 2018 — A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. Una vulnerabilidad de seguridad en HPE IceWall SSO Dfw 10.0 y 11.0 en RHEL, HP-UX y Windows podría ser explotado remotamente para permitir la redirección de URL. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03833en_us • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-8978 – HPE Security Bulletin HPESBMU03806 1
https://notcve.org/view.php?id=CVE-2017-8978
18 Jan 2018 — A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found. SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01 y S4FND 1.02, no valida suficientemente y/o codifica los campos ocultos, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). A potential security vulnerability has been identified in HPE IceWall Products. The vulnerability could be exploited remotely resulting in unauthorized disclosure of information or unauthori... • https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03806en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 10%CPEs: 51EXPL: 0CVE-2016-6306 – openssl: certificate message OOB reads
https://notcve.org/view.php?id=CVE-2016-6306
22 Sep 2016 — The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 36%CPEs: 38EXPL: 0CVE-2016-2182 – openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
https://notcve.org/view.php?id=CVE-2016-2182
16 Sep 2016 — The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. La función BN_bn2dec en crypto/bn/bn_print.c en OpenSSL en versiones anteriores a 1.1.0 no valida adecuadamente resultados de la división, lo que permite a atacantes remotos provocar una denegación de servicio (escritura fuera de ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 43%CPEs: 94EXPL: 0CVE-2016-3092 – tomcat: Usage of vulnerable FileUpload package can result in denial of service
https://notcve.org/view.php?id=CVE-2016-3092
30 Jun 2016 — The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. La clase MultipartStream en Apache Commons Fileupload en versiones anteriores a 1.3.2, tal como se utiliza en Apache Tomcat 7.x en versiones anteriores a 7.0.70, 8.x en versiones anteriores a 8.0.36, 8.5.x en versione... • http://jvn.jp/en/jp/JVN89379547/index.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 33%CPEs: 39EXPL: 0CVE-2016-2177 – openssl: Possible integer overflow vulnerabilities in codebase
https://notcve.org/view.php?id=CVE-2016-2177
20 Jun 2016 — OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. OpenSSL hasta la versión 1.0.2h no utiliza correctamente la aritmética de puntero para comprobaciones de límites de buffer de memoria dinámica, lo que podría permitir a atacantes remo... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-190: Integer Overflow or Wraparound •