Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mcafee Subscribe
Filtered by product Data Loss Prevention Endpoint
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1305 2 Mcafee, Microsoft 2 Data Loss Prevention Endpoint, Windows Xp 2023-12-10 6.9 MEDIUM N/A
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.
CVE-2015-1616 1 Mcafee 1 Data Loss Prevention Endpoint 2023-12-10 6.5 MEDIUM N/A
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2758 1 Mcafee 1 Data Loss Prevention Endpoint 2023-12-10 6.5 MEDIUM N/A
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL.
CVE-2015-2757 1 Mcafee 1 Data Loss Prevention Endpoint 2023-12-10 4.0 MEDIUM N/A
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors.
CVE-2015-2759 1 Mcafee 1 Data Loss Prevention Endpoint 2023-12-10 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors.
CVE-2015-1617 1 Mcafee 1 Data Loss Prevention Endpoint 2023-12-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.