Vulnerabilities in Trellix

52 results
CVE-2024-11482 | CRITICAL | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through comma | EPSS 2.5%
CVE-2023-5607 | HIGH | An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises e | EPSS 0.9%
CVE-2024-5671 | CRITICAL | Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution an | EPSS 0.9%
CVE-2023-3314 | HIGH | A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external | EPSS 0.9%
CVE-2023-6071 | HIGH | An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator | EPSS 0.9%
CVE-2024-9678 | MEDIUM | An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries p | EPSS 0.7%
CVE-2022-2330 | MEDIUM | XXE vulnerability in DLP Endpoint for Windows | EPSS 0.7%
CVE-2023-0976 | MEDIUM | A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/T | EPSS 0.6%
CVE-2025-0618 | MEDIUM | A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper | EPSS 0.6%
CVE-2023-1388 | MEDIUM | A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory | EPSS 0.6%
CVE-2022-3339 | MEDIUM | Reflected XSS in Trellix ePO server | EPSS 0.6%
CVE-2022-3340 | MEDIUM | Trellix IPS Manager vulnerable to XXE | EPSS 0.5%
CVE-2023-0977 | MEDIUM | A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page | EPSS 0.5%
CVE-2023-3313 | HIGH | An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed a | EPSS 0.5%
CVE-2023-3946 | MEDIUM | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potential | EPSS 0.5%
CVE-2022-3338 | MEDIUM | XXE in Trellix ePO server | EPSS 0.5%
CVE-2024-11481 | HIGH | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traver | EPSS 0.4%
CVE-2024-0310 | MEDIUM | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the re | EPSS 0.4%
CVE-2023-0400 | MEDIUM | The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP cont | EPSS 0.4%
CVE-2023-5445 | MEDIUM | An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL | EPSS 0.4%