Policy Auditor Security Vulnerabilities and Issues — Policy Auditor CVE List

Lucene search

McafeePolicy Auditor

9 matches found

CVE•added 2019/09/09 5:15 p.m.•558 views

CVE-2019-16168

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

6.5CVSS7AI score0.00944EPSS

CVE•added 2019/07/26 1:15 p.m.•507 views

CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization...

4.9CVSS5.9AI score0.00844EPSS

CVE•added 2020/07/14 2:15 p.m.•422 views

CVE-2020-15719

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

4.2CVSS4.2AI score0.00371EPSS

CVE•added 2016/05/26 4:59 p.m.•309 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.01504EPSS

CVE•added 2017/05/29 4:29 p.m.•211 views

CVE-2017-9287

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

6.5CVSS6.4AI score0.38966EPSS

CVE•added 2017/12/18 6:29 a.m.•194 views

CVE-2017-17740

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

7.5CVSS7.3AI score0.02838EPSS

CVE•added 2016/06/30 5:59 p.m.•189 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS8.9AI score0.05699EPSS

CVE•added 2021/11/23 8:15 p.m.•36 views

CVE-2021-31852

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could ...

6.1CVSS6.1AI score0.00912EPSS

CVE•added 2021/11/23 8:15 p.m.•34 views

CVE-2021-31851

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface w...

6.1CVSS6.1AI score0.00783EPSS