Vulnerabilities > Trellix > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2024-0310 | Cross-site Scripting vulnerability in Trellix Endpoint Security web Control 10.7.0 A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. | 6.1 |
| 2023-11-29 | CVE-2023-6070 | Server-Side Request Forgery (SSRF) vulnerability in Trellix Enterprise Security Manager A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. | 4.3 |
| 2023-04-03 | CVE-2023-0977 | Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8 A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | 6.5 |
| 2023-03-13 | CVE-2023-0978 | Command Injection vulnerability in multiple products A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. | 6.7 |
| 2023-01-18 | CVE-2023-0214 | Cross-site Scripting vulnerability in Trellix Skyhigh Secure web Gateway A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG. | 6.1 |
| 2022-12-16 | CVE-2022-4326 | Improper Preservation of Permissions vulnerability in Trellix Endpoint Security Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality. | 6.0 |
| 2022-11-30 | CVE-2022-3859 | Uncontrolled Search Path Element vulnerability in Trellix Agent An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. | 6.7 |