NotCVE - vendor:"Symantec" product:"Data Loss Prevention" version:" <= 12.5.1"

Page 2 of 19 results (0.013 seconds)

CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-7304 – DLP ePO extension - Cross-site request forgery

https://notcve.org/view.php?id=CVE-2020-7304

13 Aug 2020 — Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. Una vulnerabilidad de tipo cross site request forgery en la extensión ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a un atacante remoto autenticado insertar un script de tipo CRSF al agregar una nueva etiqueta • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-7303 – DLP ePO extension - Cross-site scripting

https://notcve.org/view.php?id=CVE-2020-7303

13 Aug 2020 — Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label. Una vulnerabilidad de tipo Cross Site Scripting en la extensión ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a un usuario autenticado remoto activar scripts para que se ejecuten en el navegador de un usuario al agregar una nueva etiqueta • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-7302 – DLP ePO extension - Unrestricted Upload of File with Dangerous Type

https://notcve.org/view.php?id=CVE-2020-7302

13 Aug 2020 — Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. Una Carga de Archivos Sin Restricciones con Tipo Peligroso en la extensión ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a atacantes autenticados cargar archivos maliciosos en la sección de administración de casos de DLP por falta de comproba... • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-7301 – DLP ePO extension - Cross site scripting

https://notcve.org/view.php?id=CVE-2020-7301

12 Aug 2020 — Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. Una vulnerabilidad de tipo Cross Site scripting en la extensión ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a atacantes autenticados activar alertas por medio de la pestaña de carga de archivos en la sección de administración de casos de DLP • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-7300 – DLP ePO extension - Improper Authorization

https://notcve.org/view.php?id=CVE-2020-7300

12 Aug 2020 — Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. Una vulnerabilidad de Autorización Inapropiada en la extensión ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a atacantes remotos autenticados cambiar la configuración cuando inician sesión con privilegios de solo visualiz... • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-863: Incorrect Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-3640 – Data Loss Prevention - Unprotected Transport of Credentials

https://notcve.org/view.php?id=CVE-2019-3640

14 Nov 2019 — Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. El Transporte Desprotegido de Credenciales en la extensión ePO en McAfee Data Loss Prevention versiones 11.x anteriores a la versión 11.4.0, permite a atacantes remotos con acceso a la red recopilar detalles de inicio de sesión... • https://kc.mcafee.com/corporate/index?page=content&id=SB10298 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0

CVE-2014-9230

https://notcve.org/view.php?id=CVE-2014-9230

28 Jun 2015 — Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/75288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1485

https://notcve.org/view.php?id=CVE-2015-1485

28 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de CSRF en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos secuestrar la autenticación de administradores. • http://www.securityfocus.com/bid/75289 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.3EPSS: 10%CPEs: 24EXPL: 0

CVE-2011-0548

https://notcve.org/view.php?id=CVE-2011-0548

18 Jul 2011 — Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. Desbordamiento de búfer en Lotus Freelance Graphics PRZ file viewer... • http://secunia.com/advisories/44779 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1 2