📄 Forcepoint One Endpoint macOS 25.08.5008 Forcepoint DLP Endpoint Process Suspension Bypass

This Metasploit auxiliary module targets Forcepoint Data Loss Prevention DLP Endpoint on macOS and attempts to manipulate or suspend related security processes. ================================================================================================================================== | Tit...

EUVD-2022-34599

Malicious code in bioql PyPI...

CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent...

CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent...

CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent...

Xxe

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent...

CVE-2022-2330

CVE-2022-2330 affects McAfee DLP Endpoint for Windows (versions prior to 11.9.100 and 11.6.600). The issue is an improper restriction of XML External Entity references (XXE), allowing a remote attacker to cause the DLP Agent to access a local service the attacker wouldn’t normally access via a sp...

CVE-2022-2330 XXE vulnerability in DLP Endpoint for Windows

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent...

PT-2022-15920 · Unknown · Dlp Endpoint For Windows

Name of the Vulnerable Software and Affected Versions: DLP Endpoint for Windows versions prior to 11.9.100 DLP Endpoint for Windows version 11.6.600 Description: The issue is related to an Improper Restriction of XML External Entity Reference, allowing a remote attacker to cause the DLP Agent to...

CVE-2021-31844

A buffer overflow vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro .sam files onto the local system and triggering a DLP Endpoint scan...

Buffer overflow

A buffer overflow vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro .sam files onto the local system and triggering a DLP Endpoint scan...

CVE-2021-31844 Local Privilege Escalation in McAfee DLP Endpoint for Windows

A buffer overflow vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro .sam files onto the local system and triggering a DLP Endpoint scan...

CVE-2021-31844

CVE-2021-31844 affects McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200. A buffer overflow allows a local attacker to execute arbitrary code with elevated privileges by placing crafted Ami Pro (.sam) files and triggering a DLP Endpoint scan; caused by a destination buffer ...

CVE-2021-31832 Cross site scripting vulnerability in DLP Endpoint for Windows

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...

CVE-2021-23887 Privilege escalation in McAfee DLP Endpoint for Windows

Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting...

The vulnerability of the McAfee Data Loss Prevention Endpoint software for Windows, related to insecure management of privileges, allows a perpetrator to execute DLL libraries.

The vulnerability of the McAfee Data Loss Prevention Endpoint software for Windows relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to load DLL libraries using specially crafted IOCTL calls...

CVE-2019-3591 DLP Endpoint ePO extension vulnerable to XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in ePO extension in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted uploa...

CVE-2019-3595 DLP Endpoint ePO extension not sanitizing CSV exports

Improper Neutralization of Special Elements used in a Command 'Command Injection' in ePO extension in McAfee Data Loss Prevention DLP 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...

CVE-2018-6664

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention DLP Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility...

CVE-2018-6664

CVE-2018-6664 affects McAfee Data Loss Prevention (DLP) Endpoint: the DLP Agent prior to 10.0.500 or 11.x prior to 11.0.400 allows an authenticated user to bypass the product block via a command-line utility. Impact is a master bypass of protection, with no details on exploitation in the wild pro...