CVE-2023-4814
https://notcve.org/view.php?id=CVE-2023-4814
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. Existe una vulnerabilidad de escalada de privilegios en Trellix Windows DLP endpoint para Windows de la que se puede abusar para eliminar cualquier archivo/carpeta para el cual el usuario no tiene permiso. • https://kcm.trellix.com/corporate/index?page=content&id=SB10407 • CWE-250: Execution with Unnecessary Privileges CWE-863: Incorrect Authorization •
CVE-2023-0400
https://notcve.org/view.php?id=CVE-2023-0400
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. • https://github.com/pinpinsec/CVE-2023-0400 https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US • CWE-427: Uncontrolled Search Path Element CWE-670: Always-Incorrect Control Flow Implementation •