Filtered by vendor Trellix Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0400 2 Microsoft, Trellix 2 Windows, Data Loss Prevention 2024-11-21 5.9 Medium
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.
CVE-2023-0214 1 Trellix 1 Skyhigh Secure Web Gateway 2024-11-21 6.1 Medium
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
CVE-2022-4326 2 Microsoft, Trellix 2 Windows, Endpoint Security 2024-11-21 5.5 Medium
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality.
CVE-2022-3859 1 Trellix 1 Agent 2024-11-21 6.7 Medium
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
CVE-2022-3340 1 Trellix 1 Intrusion Prevention System Manager 2024-11-21 5.9 Medium
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
CVE-2024-5956 1 Trellix 1 Intrusion Prevention System Manager 2024-09-06 6.5 Medium
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
CVE-2024-5957 1 Trellix 1 Intrusion Prevention System Manager 2024-09-06 6.3 Medium
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.