Vulnerabilities > Trellix > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2023-3438 | Unquoted Search Path or Element vulnerability in Trellix Move An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). | 7.8 |
| 2023-06-07 | CVE-2023-0976 | Uncontrolled Search Path Element vulnerability in Trellix Agent 5.7.7/5.7.8 A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. | 7.8 |
| 2023-06-07 | CVE-2023-1388 | Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8 A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. | 8.1 |
| 2023-04-03 | CVE-2023-0975 | Improper Preservation of Permissions vulnerability in Trellix Agent 5.7.7/5.7.8 A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. | 7.8 |
| 2023-02-02 | CVE-2023-0400 | Uncontrolled Search Path Element vulnerability in Trellix Data Loss Prevention 11.9.0/11.9.100 The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. | 8.2 |
| 2022-11-04 | CVE-2022-3340 | XXE vulnerability in Trellix Intrusion Prevention System Manager 10.1 XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. | 7.2 |