33 matches found
Trellix Data Loss Prevention Endpoint Privilege Escalation (SB10407)
The version of the Trellix Data Loss Prevention Endpoint DLPe Agent installed on the remote Windows host is 11.10.100.17. It is, therefore, affected by a privilege escalation vulnerability which can be abused to delete any file/folder for which the user does not have permission to. Note that Ness...
Unspecified Vulnerability in Mcafee Data Loss Prevention Endpoint
Mcafee Data Loss Prevention Endpoint DLPe is an integrated endpoint data protection solution from Mcafee. The solution prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transfer, shared endpoint data flow control, and data encryptio...
McAfee Data Loss Prevention ePO extension Cross-Site Request Forgery Vulnerability
McAfee Data Loss Prevention Endpoint DLPe is an integrated endpoint data protection solution from McAfee, Inc. that prevents theft and accidental disclosure of confidential data and provides security policies for file processing and transmission, shared data flow control and data encryption. The...
CVE-2019-3634
Buffer overflow in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory...
CVE-2019-3633
CVE-2019-3633 concerns the McAfee Data Loss Prevention Endpoint (DLPe) for Windows 11.x prior to 11.3.2.8. A buffer overflow in DLPe allows a local user to trigger a Windows blue screen by sending a crafted message, bypassing internal checks and causing DLPe to read unallocated memory. Public det...
McAfee DLPe Agent < 10.0.500 / 11.x < 11.0.400 Master Bypass Vulnerability (SB10233)
The version of the McAfee Data Loss Prevention Endpoint DLPe Agent installed on the remote Windows host is prior to 10.0.500 or 11.x prior to 11.0.400. It is, therefore, affected by a master bypass vulnerability. An authenticated attacker can exploit this issue using a command line utility to...
McAfee DLPe Agent < 11.1.200 / 11.2.x Multiple Vulnerabilities (SB10289) (SB10290)
The version of the McAfee Data Loss Prevention Endpoint DLPe Agent installed on the remote Windows host is prior to 11.1.200 or 11.2.x. It is, therefore, affected by multiple vulnerabilities: - Stored XSS in the ePO extension UI. CVE-2019-3591 - Authenticated command injection in the ePO extensio...
CVE-2019-3622
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create...
CVE-2019-3622
CVE-2019-3622 affects McAfee Data Loss Prevention Endpoint (DLPe) for Windows 11.x before 11.3.0. An incorrect access control on the DLPe log folder lets an authenticated user create symbolic links to redirect DLPe log files to arbitrary locations, enabling log file redirection by privileged user...
CVE-2019-3622 DLP Endpoint log file redirection to arbitrary locations
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in ePO extension in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted uploa...
CVE-2019-3591
McAfee DLPe (Data Loss Prevention Endpoint) with the ePO extension for Windows has a stored XSS vulnerability (CVE-2019-3591) due to improper input neutralization during web page generation in the ePO UI. A remote, unauthenticated user can trigger JavaScript via a crafted upload to a remote websi...
Authentication flaw
Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint DLPe 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions...
CVE-2018-6689
CVE-2018-6689 corresponds to an Authentication Bypass in McAfee Data Loss Prevention Endpoint (DLPe). The vulnerability affects DLPe 10.0.x before 10.0.510 and 11.0.x before 11.0.600, enabling bypass of local security protections under specific conditions. Affected products/versions are confirmed...
Improper access control
Access control vulnerability in Intel Security Data Loss Prevention Endpoint DLPe 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get...
CVE-2016-8012
Access control vulnerability in Intel Security Data Loss Prevention Endpoint DLPe 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get...
CVE-2016-3984
CVE-2016-3984 affects McAfee VirusScan Console and multiple McAfee components (MAR, MA, DXL, DLPe, MDC, ENS, IPS, VSE) on Windows. Local administrators can bypass self-protection rules and disable the antivirus engine by modifying registry keys. Impact: partial to full antivirus disablement; CVSS...
McAfee ePO DLPe Extension < 9.3.416.4 Multiple Vulnerabilities (SB10111)
The remote McAfee ePO server has a version of the McAfee Data Loss Protection Endpoint DLPe installed that is affected by multiple vulnerabilities : - The ePO extension is affected by an unspecified denial of service vulnerability via a database lock or license corruption, which can be exploited ...
CVE-2015-2760
Cross-site scripting XSS vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3 Patch 4 Hotfix 16 9.3.416.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-2759
Multiple cross-site request forgery CSRF vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3 Patch 4 Hotfix 16 9.3.416.4 allow remote attackers to hijack the authentication of users for requests that 1 obtain sensitive information or 2 modify the database...