Vulnerabilities > Mcafee > Data Loss Prevention Endpoint > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-30 CVE-2022-2330 XXE vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.
network
low complexity
mcafee CWE-611
6.5
2021-11-01 CVE-2021-31848 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
network
low complexity
mcafee CWE-79
6.1
2021-04-15 CVE-2021-23886 Improper Handling of Exceptional Conditions vulnerability in Mcafee Data Loss Prevention Endpoint
Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it.
local
low complexity
mcafee CWE-755
5.5
2019-08-21 CVE-2019-3634 Out-of-bounds Read vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.
local
low complexity
mcafee CWE-125
5.5
2019-08-21 CVE-2019-3633 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.
local
low complexity
mcafee CWE-119
5.5
2019-07-25 CVE-2019-3621 Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked.
low complexity
mcafee
6.2
2019-07-24 CVE-2019-3595 OS Command Injection vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine.
local
low complexity
mcafee CWE-78
6.5
2019-07-24 CVE-2019-3591 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection.
network
low complexity
mcafee CWE-79
6.1
2017-06-23 CVE-2017-3948 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
network
low complexity
mcafee CWE-79
5.4
2016-04-08 CVE-2016-3984 Improper Access Control vulnerability in Mcafee products
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
local
low complexity
mcafee CWE-284
5.1