Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): mcafee dlp
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-4088 |
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. Published: January 24, 2022; 11:15:08 AM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-31849 |
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension. Published: November 01, 2021; 4:15:07 PM -0400 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-31848 |
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. Published: November 01, 2021; 4:15:07 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-31845 |
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. Published: September 17, 2021; 10:15:08 AM -0400 |
V3.1: 7.3 HIGH V2.0: 6.0 MEDIUM |
CVE-2021-31844 |
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. Published: September 17, 2021; 10:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-31832 |
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. Published: June 09, 2021; 10:15:09 AM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2021-23887 |
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver. Published: April 15, 2021; 4:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-23886 |
Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory. Published: April 15, 2021; 4:15:14 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2020-7346 |
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time. Published: March 23, 2021; 12:15:13 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2020-7307 |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. Published: August 13, 2020; 12:15:13 AM -0400 |
V3.1: 5.2 MEDIUM V2.0: 2.1 LOW |
CVE-2020-7306 |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text Published: August 12, 2020; 11:15:14 PM -0400 |
V3.1: 5.2 MEDIUM V2.0: 2.1 LOW |
CVE-2020-7305 |
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. Published: August 12, 2020; 11:15:14 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-7304 |
Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. Published: August 12, 2020; 11:15:14 PM -0400 |
V3.1: 7.6 HIGH V2.0: 5.2 MEDIUM |
CVE-2020-7303 |
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label. Published: August 12, 2020; 11:15:14 PM -0400 |
V3.1: 4.1 MEDIUM V2.0: 2.3 LOW |
CVE-2020-7302 |
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. Published: August 12, 2020; 11:15:14 PM -0400 |
V3.1: 6.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-7301 |
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. Published: August 12, 2020; 6:15:12 PM -0400 |
V3.1: 4.6 MEDIUM V2.0: 3.5 LOW |
CVE-2020-7300 |
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. Published: August 12, 2020; 6:15:12 PM -0400 |
V3.1: 6.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-3634 |
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory. Published: August 21, 2019; 12:15:10 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-3633 |
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. Published: August 21, 2019; 12:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-3621 |
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine. Published: July 25, 2019; 1:15:14 PM -0400 |
V3.0: 6.2 MEDIUM V2.0: 4.6 MEDIUM |