Hp Icewall Sso Agent Option vulnerabilities

CVE-2016-6306 [MEDIUM] CWE-125 CVE-2016-6306: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

CVE-2016-2182 [CRITICAL] CWE-787 CVE-2016-2182: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate di The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2016-3092 [HIGH] CWE-20 CVE-2016-3092: The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x be The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

CVE-2016-2177 [CRITICAL] CWE-190 CVE-2016-2177: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which mi OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

CVE-2015-3196 [MEDIUM] CWE-362 CVE-2015-3196: ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when use ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

CVE-2013-4818 [MEDIUM] CVE-2013-4818: Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 1 Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.

CVE-2013-4817 [MEDIUM] CVE-2013-4817: Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.

CVE-2013-4819 [LOW] CVE-2013-4819: Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticate Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-4820 [LOW] CVE-2013-4820: Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 1 Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information