CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1700
https://notcve.org/view.php?id=CVE-2022-1700
12 Sep 2022 — Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects:... • https://help.forcepoint.com/security/CVE/CVE-2022-1700.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31832 – Cross site scripting vulnerability in DLP Endpoint for Windows
https://notcve.org/view.php?id=CVE-2021-31832
09 Jun 2021 — Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. Una Neutralización Inapropiada de la Entrada en la extensión del administrador de ePO para McAfee Data Loss Prevention (DLP) Endpoint para Windows anterior a 11.6.200 permi... • https://kc.mcafee.com/corporate/index?page=content&id=SB10360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6590
https://notcve.org/view.php?id=CVE-2020-6590
08 Apr 2021 — Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. Forcepoint Web Security Content Gateway versiones anteriores a 8.5.4, procesan inapropiadamente una entrada XML, conllevando a una divulgación de información • https://help.forcepoint.com/security/CVE/CVE-2020-6590.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7346 – Privilege escalation in McAfee DLP Endpoint for Windows
https://notcve.org/view.php?id=CVE-2020-7346
23 Mar 2021 — Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time. Una vulnerabilidad de Escalada de Privilegios en McAfee Data Loss Prevention (DLP) para Windows versiones anteriores a 11.6.100, permite a un atac... • https://kc.mcafee.com/corporate/index?page=content&id=SB10344 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2014-9230
https://notcve.org/view.php?id=CVE-2014-9230
28 Jun 2015 — Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/75288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1485
https://notcve.org/view.php?id=CVE-2015-1485
28 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de CSRF en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos secuestrar la autenticación de administradores. • http://www.securityfocus.com/bid/75289 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 10%CPEs: 24EXPL: 0CVE-2011-0548
https://notcve.org/view.php?id=CVE-2011-0548
18 Jul 2011 — Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. Desbordamiento de búfer en Lotus Freelance Graphics PRZ file viewer... • http://secunia.com/advisories/44779 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •