Vulnerabilities > Trellix

DATE CVE VULNERABILITY TITLE RISK
2023-11-16 CVE-2023-6119 Improper Privilege Management vulnerability in Trellix Getsusp
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level.
local
low complexity
trellix CWE-269
7.8
2023-10-04 CVE-2023-3665 Code Injection vulnerability in Trellix Endpoint Security
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
local
low complexity
trellix CWE-94
7.8
2023-09-14 CVE-2023-4814 Incorrect Authorization vulnerability in Trellix Data Loss Prevention 11.10.100.17
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.
local
low complexity
trellix CWE-863
7.1
2023-07-03 CVE-2023-3314 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s).
network
low complexity
trellix CWE-78
8.8
2023-07-03 CVE-2023-3313 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.
local
low complexity
trellix CWE-78
7.8
2023-07-03 CVE-2023-3438 Unquoted Search Path or Element vulnerability in Trellix Move
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe).
local
low complexity
trellix CWE-428
7.8
2023-06-07 CVE-2023-0976 Uncontrolled Search Path Element vulnerability in Trellix Agent 5.7.7/5.7.8
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder.
local
low complexity
trellix CWE-427
7.8
2023-06-07 CVE-2023-1388 Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
network
low complexity
trellix CWE-787
8.1
2023-04-03 CVE-2023-0975 Improper Preservation of Permissions vulnerability in Trellix Agent 5.7.7/5.7.8
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed.
local
low complexity
trellix CWE-281
7.8
2023-04-03 CVE-2023-0977 Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
network
low complexity
trellix CWE-787
6.5