Vulnerabilities (CVE)

Filtered by vendor Mcafee Subscribe
Filtered by product Policy Auditor
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9287 5 Debian, Mcafee, Openldap and 2 more 10 Debian Linux, Policy Auditor, Openldap and 7 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
CVE-2016-4472 4 Canonical, Libexpat Project, Mcafee and 1 more 4 Ubuntu Linux, Libexpat, Policy Auditor and 1 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2021-31852 1 Mcafee 1 Policy Auditor 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
CVE-2021-31851 1 Mcafee 1 Policy Auditor 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
CVE-2020-15719 5 Mcafee, Openldap, Opensuse and 2 more 5 Policy Auditor, Openldap, Leap and 2 more 2024-02-28 4.0 MEDIUM 4.2 MEDIUM
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
CVE-2019-13057 7 Apple, Canonical, Debian and 4 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2024-02-28 3.5 LOW 4.9 MEDIUM
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
CVE-2019-16168 8 Canonical, Debian, Fedoraproject and 5 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2017-17740 4 Mcafee, Openldap, Opensuse and 1 more 4 Policy Auditor, Openldap, Leap and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.