
CVE-2023-4814
https://notcve.org/view.php?id=CVE-2023-4814
14 Sep 2023 — A privilege escalation vulnerability exists in Trellix Windows DLP endpoint for Windows which can be abused to delete any file/folder for which the user does not have permission. • https://kcm.trellix.com/corporate/index?page=content&id=SB10407 • CWE-250: Execution with Unnecessary Privileges • CWE-863: Incorrect Authorization

CVE-2023-0400
https://notcve.org/view.php?id=CVE-2023-0400
01 Feb 2023 — The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local drive was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. • https://github.com/pinpinsec/CVE-2023-0400 • CWE-427: Uncontrolled Search Path Element • CWE-670: Always-Incorrect Control Flow Implementation

CVE-2022-1700
https://notcve.org/view.php?id=CVE-2022-1700
12 Sep 2022 — Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects:... • https://help.forcepoint.com/security/CVE/CVE-2022-1700.html • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2021-4088 – Blind SQL injection in DLP ePO extension
https://notcve.org/view.php?id=CVE-2021-4088
24 Jan 2022 — SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. • https://kc.mcafee.com/corporate/index?page=content&id=SB10376 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-31832 – Cross site scripting vulnerability in DLP Endpoint for Windows
https://notcve.org/view.php?id=CVE-2021-31832
09 Jun 2021 — Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. • https://kc.mcafee.com/corporate/index?page=content&id=SB10360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-6590
https://notcve.org/view.php?id=CVE-2020-6590
08 Apr 2021 — Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. • https://help.forcepoint.com/security/CVE/CVE-2020-6590.html • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2020-7346 – Privilege escalation in McAfee DLP Endpoint for Windows
https://notcve.org/view.php?id=CVE-2020-7346
23 Mar 2021 — Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low-privileged attacker, through the use of junctions, to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOCTL command at the correct time. • https://kc.mcafee.com/corporate/index?page=content&id=SB10344 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2020-7307 – DLP for Mac - Unprotected Storage of Credentials
https://notcve.org/view.php?id=CVE-2020-7307
13 Aug 2020 — Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-522: Insufficiently Protected Credentials

CVE-2020-7306 – DLP for Mac - Unprotected Storage of Credentials
https://notcve.org/view.php?id=CVE-2020-7306
13 Aug 2020 — Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-522: Insufficiently Protected Credentials

CVE-2020-7305 – DLP ePO extension - Privilege escalation
https://notcve.org/view.php?id=CVE-2020-7305
13 Aug 2020 — Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. • https://kc.mcafee.com/corporate/index?page=content&id=SB10326 • CWE-269: Improper Privilege Management