CVE-2024-5957
https://notcve.org/view.php?id=CVE-2024-5957
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain API access to the Manager. • https://thrive.trellix.com/s/article/000013870 • CWE-305: Authentication Bypass by Primary Weakness
CVE-2024-5956
https://notcve.org/view.php?id=CVE-2024-5956
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager, with mostly garbage data in the response. • https://thrive.trellix.com/s/article/000013870 • CWE-305: Authentication Bypass by Primary Weakness
CVE-2024-4176
https://notcve.org/view.php?id=CVE-2024-4176
A cross-site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML injection using command-line variables. A malicious threat actor could execute commands in the victim's browser by sending carefully crafted malicious links to the EDR XConsole end user. • https://thrive.trellix.com/s/article/000013455 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6072
https://notcve.org/view.php?id=CVE-2023-6072
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. • https://docs.trellix.com/bundle/cm_9-1-5_rn/page/UUID-fad8a50f-6f6f-e970-f418-06494a30932e.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0310
https://notcve.org/view.php?id=CVE-2024-0310
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. • https://kcm.trellix.com/corporate/index?page=content&id=SB10417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')