cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-31844,https://securityvulnerability.io/vulnerability/CVE-2021-31844,Local Privilege Escalation in McAfee DLP Endpoint for Windows,A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.,"Mcafee,llc",Mcafee Data Loss Prevention (dlp) Endpoint For Windows,8.2,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-09-17T13:45:18.000Z,0
CVE-2021-31832,https://securityvulnerability.io/vulnerability/CVE-2021-31832,Cross site scripting vulnerability in DLP Endpoint for Windows,Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.,"Mcafee,llc",Mcafee Data Loss Prevention (dlp) Endpoint For Windows,5.2,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-06-09T13:45:17.000Z,0
CVE-2021-23887,https://securityvulnerability.io/vulnerability/CVE-2021-23887,Privilege escalation in McAfee DLP Endpoint for Windows,"Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.","Mcafee,llc",Mcafee Data Loss Prevention (dlp) Endpoint For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-04-15T07:55:15.000Z,0
CVE-2021-23886,https://securityvulnerability.io/vulnerability/CVE-2021-23886,Local Denial of Service in McAfee DLP Endpoint for Windows,"Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.","Mcafee,llc",Mcafee Data Loss Prevention (dlp) Endpoint For Windows,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-04-15T07:50:15.000Z,0
CVE-2020-7346,https://securityvulnerability.io/vulnerability/CVE-2020-7346,Privilege escalation in McAfee DLP Endpoint for Windows,"Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.

","Mcafee,llc",Mcafee Data Loss Prevention (dlp) Endpoint For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-23T16:05:23.000Z,0
CVE-2018-6689,https://securityvulnerability.io/vulnerability/CVE-2018-6689," Data Loss Prevention Endpoint (DLPe) - Authentication Bypass vulnerability","Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.",Mcafee,Data Loss Prevention Endpoint (dlpe),7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-10-03T12:00:00.000Z,0
CVE-2018-6664,https://securityvulnerability.io/vulnerability/CVE-2018-6664,SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability,Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.,Mcafee,Data Loss Prevention (dlp) Endpoint,5.8,MEDIUM,0.003599999938160181,false,,false,false,false,,,false,false,,2018-05-08T00:00:00.000Z,0
CVE-2017-3948,https://securityvulnerability.io/vulnerability/CVE-2017-3948,,Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.,Mcafee,Data Loss Prevention Endpoint (dlpe),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2017-06-23T13:00:00.000Z,0
CVE-2016-3984,https://securityvulnerability.io/vulnerability/CVE-2016-3984,,"The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.",Mcafee,"Data Loss Prevention Endpoint,Agent,Virusscan Enterprise,Host Intrusion Prevention,Active Response,Data Exchange Layer,Endpoint Security",5.1,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2016-04-08T15:00:00.000Z,0
CVE-2015-2757,https://securityvulnerability.io/vulnerability/CVE-2015-2757,,The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors.,Mcafee,Data Loss Prevention Endpoint,,,0.001120000029914081,false,,false,false,false,,,false,false,,2015-03-27T14:00:00.000Z,0
CVE-2015-2758,https://securityvulnerability.io/vulnerability/CVE-2015-2758,,"The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL.",Mcafee,Data Loss Prevention Endpoint,,,0.0015300000086426735,false,,false,false,false,,,false,false,,2015-03-27T14:00:00.000Z,0
CVE-2015-2759,https://securityvulnerability.io/vulnerability/CVE-2015-2759,,Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors.,Mcafee,Data Loss Prevention Endpoint,,,0.0009200000204145908,false,,false,false,false,,,false,false,,2015-03-27T14:00:00.000Z,0
CVE-2015-2760,https://securityvulnerability.io/vulnerability/CVE-2015-2760,,Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Mcafee,Data Loss Prevention Endpoint,,,0.0006799999973736703,false,,false,false,false,,,false,false,,2015-03-27T14:00:00.000Z,0
CVE-2015-1616,https://securityvulnerability.io/vulnerability/CVE-2015-1616,,SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.,Mcafee,Data Loss Prevention Endpoint,,,0.0011099999537691474,false,,false,false,false,,,false,false,,2015-02-17T15:59:00.000Z,0
CVE-2015-1617,https://securityvulnerability.io/vulnerability/CVE-2015-1617,,Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Mcafee,Data Loss Prevention Endpoint,,,0.0006799999973736703,false,,false,false,false,,,false,false,,2015-02-17T15:59:00.000Z,0
CVE-2015-1618,https://securityvulnerability.io/vulnerability/CVE-2015-1618,,The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.,Mcafee,Data Loss Prevention Endpoint,,,0.0012499999720603228,false,,false,false,false,,,false,false,,2015-02-17T15:59:00.000Z,0
CVE-2015-1305,https://securityvulnerability.io/vulnerability/CVE-2015-1305,,"McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.",Mcafee,Data Loss Prevention Endpoint,,,0.0006099999882280827,false,,false,false,false,,,false,false,,2015-02-06T15:00:00.000Z,0