3 results (0.008 seconds)

CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 1

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. • https://github.com/pinpinsec/CVE-2023-0400 https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US • CWE-427: Uncontrolled Search Path Element CWE-670: Always-Incorrect Control Flow Implementation •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de CSRF en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos secuestrar la autenticación de administradores. • http://www.securityfocus.com/bid/75289 http://www.securitytracker.com/id/1032710 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/75288 http://www.securitytracker.com/id/1032710 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •