9 matches found
CVE-2019-16168
CVE-2019-16168 affects SQLite up to version 3.29.0, whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of sqlite_stat1 sz, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...
CVE-2019-13057
CVE-2019-13057 affects Cloud Pak for Security (CP4S) via OpenLDAP openldap server delegation: slapd may allow a rootDN (database admin) to be granted authorization as an identity from another database during SASL bind or RFC 4370 proxyAuthz control, enabling potential leakage of sensitive informa...
CVE-2020-15719
CVE-2020-15719 affects libldap in certain third‑party OpenLDAP packages. A certificate‑validation flaw occurs when RFC6125 support is asserted: CN is considered valid even if SAN does not match. The issue is fixed in at least openldap-2.4.46-10.el8 (Red Hat Enterprise Linux). The connected docume...
CVE-2016-0718
CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...
CVE-2017-9287
CVE-2017-9287 affects OpenLDAP slapd back-mdb/search.c and allows a remote crash via a search using Paged Results with page size 0. Public sources in connected docs confirm OpenLDAP versions up to 2.4.44 are affected, with multiple advisories noting a double-free denial-of-service in OpenLDAP and...
CVE-2016-4472
CVE-2016-4472 affects the Expat XML parser: overflow protections can be removed by compilers with certain optimizations, allowing remote attackers to cause a crash or potentially execute code via crafted XML. The entry notes this stems from an incomplete fix for CVE-2015-1283 and CVE-2015-2716. C...
CVE-2017-17740
CVE-2017-17740 : OpenLDAP up to 2.4.45 is affected when both the nops module and the memberof overlay are enabled. The code path in contrib/slapd-modules/nops/nops.c frees a buffer allocated on the stack, which can cause a denial of service (slapd crash) via a remote client issuing a member MODDN...
CVE-2021-31852
The CVE-2021-31852 entry concerns McAfee Policy Auditor prior to 6.5.2, where a Reflected Cross-Site Scripting vulnerability exists in the web interface via the UID parameter. The attacker can remotely inject arbitrary script or HTML, reflected into the UI, potentially exfiltrating end‑user sessi...
CVE-2021-31851
The CVE-2021-31851 entry concerns McAfee Policy Auditor prior to version 6.5.2, which is affected by a Reflected Cross-Site Scripting vulnerability. A remote unauthenticated attacker can inject arbitrary web script or HTML via the profileNodeID parameter; the script is reflected into the Policy A...