Vulnerabilities > Mcafee > Data Loss Prevention Endpoint > 9.3.300
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-30 | CVE-2022-2330 | XXE vulnerability in Mcafee Data Loss Prevention Endpoint Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | 6.5 |
| 2021-09-17 | CVE-2021-31844 | Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Endpoint A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. | 7.3 |
| 2018-07-23 | CVE-2018-6683 | Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | 7.4 |
| 2018-05-25 | CVE-2018-6664 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Data Loss Prevention Endpoint Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | 8.8 |
| 2017-03-14 | CVE-2016-8012 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Data Loss Prevention Endpoint Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | 4.6 |
| 2015-03-27 | CVE-2015-2760 | Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2015-03-27 | CVE-2015-2759 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Data Loss Prevention Endpoint Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. | 6.8 |
| 2015-03-27 | CVE-2015-2758 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Data Loss Prevention Endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | 6.5 |
| 2015-03-27 | CVE-2015-2757 | Resource Management Errors vulnerability in Mcafee Data Loss Prevention Endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. | 4.0 |
| 2015-02-17 | CVE-2015-1618 | Information Exposure vulnerability in Mcafee Data Loss Prevention Endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | 4.0 |