Filtered by vendor Trellix
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5607 | 1 Trellix | 1 Application And Change Control | 2024-11-21 | 8.4 High |
| An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. | ||||
| CVE-2023-4814 | 1 Trellix | 1 Data Loss Prevention | 2024-11-21 | 7.1 High |
| A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | ||||
| CVE-2023-3665 | 1 Trellix | 1 Endpoint Security | 2024-11-21 | 5.5 Medium |
| A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code. | ||||
| CVE-2023-3438 | 1 Trellix | 1 Move | 2024-11-21 | 4.4 Medium |
| An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | ||||
| CVE-2023-3314 | 1 Trellix | 1 Enterprise Security Manager | 2024-11-21 | 8.1 High |
| A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges. | ||||
| CVE-2024-5956 | 1 Trellix | 1 Intrusion Prevention System Manager | 2024-09-06 | 6.5 Medium |
| This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly | ||||
| CVE-2024-5957 | 1 Trellix | 1 Intrusion Prevention System Manager | 2024-09-06 | 6.3 Medium |
| This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. | ||||