Vulnerabilities > Trellix > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-03 CVE-2023-3438 Unquoted Search Path or Element vulnerability in Trellix Move
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe).
local
low complexity
trellix CWE-428
7.8
2023-06-07 CVE-2023-0976 Uncontrolled Search Path Element vulnerability in Trellix Agent 5.7.7/5.7.8
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder.
local
low complexity
trellix CWE-427
7.8
2023-06-07 CVE-2023-1388 Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
network
low complexity
trellix CWE-787
8.1
2023-04-03 CVE-2023-0975 Improper Preservation of Permissions vulnerability in Trellix Agent 5.7.7/5.7.8
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed.
local
low complexity
trellix CWE-281
7.8
2023-02-02 CVE-2023-0400 Uncontrolled Search Path Element vulnerability in Trellix Data Loss Prevention 11.9.0/11.9.100
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0.
local
low complexity
trellix CWE-427
8.2
2022-11-04 CVE-2022-3340 XXE vulnerability in Trellix Intrusion Prevention System Manager 10.1
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
network
low complexity
trellix CWE-611
7.2