Vulnerabilities > Trellix > Agent > 5.7.8

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2023-0976 Uncontrolled Search Path Element vulnerability in Trellix Agent 5.7.7/5.7.8
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder.
local
low complexity
trellix CWE-427
7.8
2023-06-07 CVE-2023-1388 Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
network
low complexity
trellix CWE-787
8.1
2023-04-03 CVE-2023-0975 Improper Preservation of Permissions vulnerability in Trellix Agent 5.7.7/5.7.8
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed.
local
low complexity
trellix CWE-281
7.8
2023-04-03 CVE-2023-0977 Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
network
low complexity
trellix CWE-787
6.5