Vulnerabilities > Mcafee > Data Loss Prevention Endpoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-30 | CVE-2022-2330 | XXE vulnerability in Mcafee Data Loss Prevention Endpoint Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | 6.5 |
| 2021-11-01 | CVE-2021-31848 | Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41 Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. | 6.1 |
| 2021-11-01 | CVE-2021-31849 | SQL Injection vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41 SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension. | 7.2 |
| 2021-09-17 | CVE-2021-31844 | Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Endpoint A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. | 7.3 |
| 2021-04-15 | CVE-2021-23887 | Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. | 7.8 |
| 2021-04-15 | CVE-2021-23886 | Improper Handling of Exceptional Conditions vulnerability in Mcafee Data Loss Prevention Endpoint Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. | 5.5 |
| 2019-08-21 | CVE-2019-3634 | Out-of-bounds Read vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0 Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory. | 5.5 |
| 2019-08-21 | CVE-2019-3633 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0 Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | 5.5 |
| 2019-07-25 | CVE-2019-3621 | Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. low complexity mcafee | 6.2 |
| 2019-07-24 | CVE-2019-3622 | Files or Directories Accessible to External Parties vulnerability in Mcafee Data Loss Prevention Endpoint Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | 8.2 |