Skip to main content

Policy Auditor

9 CVEs product

Monthly

CVE-2021-31852 MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Policy Auditor
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31851 MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Policy Auditor
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15719 MEDIUM PATCH This Month

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Openldap Enterprise Linux Leap +2
NVD
CVSS 3.1
4.2
EPSS
2.4%
CVE-2019-16168 MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager E Series Santricity Os Controller Oncommand Insight +16
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-13057 MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
4.9
EPSS
3.2%
CVE-2017-17740 HIGH PATCH This Week

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Openldap Leap Blockchain Platform +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2017-9287 MEDIUM POC PATCH THREAT This Month

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Denial Of Service Openldap Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +6
NVD
CVSS 3.1
6.5
EPSS
26.5%
CVE-2016-4472 HIGH PATCH This Week

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Libexpat Ubuntu Linux +2
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2016-0718 CRITICAL PATCH Act Now

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Firefox Mac Os X +12
NVD
CVSS 3.1
9.8
EPSS
2.8%
EPSS 1% CVSS 6.1
MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Policy Auditor
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Policy Auditor
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Openldap +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager +18
NVD VulDB
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux +7
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Openldap +3
NVD
EPSS 27% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Denial Of Service Openldap Debian Linux +8
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow +4
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +14
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy