Filtered by vendor Trellix
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0978 | 2 Mcafee, Trellix | 2 Advanced Threat Defense, Intelligent Sandbox | 2023-03-16 | N/A | 6.7 MEDIUM |
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack | |||||
CVE-2023-0400 | 2 Microsoft, Trellix | 2 Windows, Data Loss Prevention | 2023-02-13 | N/A | 8.2 HIGH |
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. | |||||
CVE-2023-0214 | 1 Trellix | 1 Skyhigh Secure Web Gateway | 2023-01-25 | N/A | 6.1 MEDIUM |
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG. | |||||
CVE-2022-4326 | 2 Microsoft, Trellix | 2 Windows, Endpoint Security | 2022-12-21 | N/A | 6.0 MEDIUM |
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality. | |||||
CVE-2022-3859 | 1 Trellix | 1 Agent | 2022-12-02 | N/A | 6.7 MEDIUM |
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there. | |||||
CVE-2022-3340 | 1 Trellix | 1 Intrusion Prevention System Manager | 2022-11-08 | N/A | 7.2 HIGH |
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. |