McAfee Policy Auditor

Do you want an email whenever new security vulnerabilities are reported in McAfee Policy Auditor?

By the Year

In 2024 there have been 0 vulnerabilities in McAfee Policy Auditor . Policy Auditor did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 2 6.10
2020 1 4.20
2019 2 5.70
2018 0 0.00

It may take a day or so for new Policy Auditor vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent McAfee Policy Auditor Security Vulnerabilities

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2

CVE-2021-31852 6.1 - Medium - November 23, 2021

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.

XSS

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2

CVE-2021-31851 6.1 - Medium - November 23, 2021

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.

XSS

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support

CVE-2020-15719 4.2 - Medium - July 14, 2020

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

Improper Certificate Validation

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application

CVE-2019-16168 6.5 - Medium - September 09, 2019

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Divide By Zero

An issue was discovered in the server in OpenLDAP before 2.4.48

CVE-2019-13057 4.9 - Medium - July 26, 2019

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer

CVE-2017-17740 7.5 - High - December 18, 2017

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Buffer Overflow

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability

CVE-2017-9287 6.5 - Medium - May 29, 2017

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

Double-free

The overflow protection in Expat is removed by compilers with certain optimization settings, which

CVE-2016-4472 8.1 - High - June 30, 2016

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

Buffer Overflow

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code

CVE-2016-0718 9.8 - Critical - May 26, 2016

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Python or by McAfee? Click the Watch button to subscribe.

 

McAfee
Vendor

 
subscribe