McAfee Policy Auditor
By the Year
In 2024 there have been 0 vulnerabilities in McAfee Policy Auditor . Policy Auditor did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 6.10 |
| 2020 | 1 | 4.20 |
| 2019 | 2 | 5.70 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Policy Auditor vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent McAfee Policy Auditor Security Vulnerabilities
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2
CVE-2021-31852
6.1 - Medium
- November 23, 2021
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
XSS
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2
CVE-2021-31851
6.1 - Medium
- November 23, 2021
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
XSS
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support
CVE-2020-15719
4.2 - Medium
- July 14, 2020
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Improper Certificate Validation
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application
CVE-2019-16168
6.5 - Medium
- September 09, 2019
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Divide By Zero
An issue was discovered in the server in OpenLDAP before 2.4.48
CVE-2019-13057
4.9 - Medium
- July 26, 2019
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer
CVE-2017-17740
7.5 - High
- December 18, 2017
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
Buffer Overflow
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability
CVE-2017-9287
6.5 - Medium
- May 29, 2017
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Double-free
The overflow protection in Expat is removed by compilers with certain optimization settings, which
CVE-2016-4472
8.1 - High
- June 30, 2016
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Buffer Overflow
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code
CVE-2016-0718
9.8 - Critical
- May 26, 2016
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Python or by McAfee? Click the Watch button to subscribe.
