Filtered by vendor Trendmicro
Subscribe
Search
Total
364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25242 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. | |||||
| CVE-2021-25243 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. | |||||
| CVE-2021-25247 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2021-02-03 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability. | |||||
| CVE-2021-25224 | 1 Trendmicro | 1 Serverprotect | 2021-02-01 | 2.1 LOW | 5.5 MEDIUM |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25225 | 1 Trendmicro | 1 Serverprotect | 2021-02-01 | 2.1 LOW | 5.5 MEDIUM |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25226 | 1 Trendmicro | 1 Serverprotect | 2021-02-01 | 2.1 LOW | 5.5 MEDIUM |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | |||||
| CVE-2020-27010 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. | |||||
| CVE-2020-8462 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | |||||
| CVE-2020-8461 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | |||||
| CVE-2018-10511 | 1 Trendmicro | 1 Control Manager | 2020-12-08 | 6.4 MEDIUM | 10.0 CRITICAL |
| A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | |||||
| CVE-2020-28579 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | |||||
| CVE-2020-28574 | 1 Trendmicro | 1 Worry-free Business Security | 2020-12-02 | 6.4 MEDIUM | 7.5 HIGH |
| A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. | |||||
| CVE-2020-27696 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2020-12-02 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. | |||||
| CVE-2020-28575 | 1 Trendmicro | 1 Serverprotect | 2020-12-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. | |||||
| CVE-2020-27695 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2020-12-01 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. | |||||
| CVE-2020-28578 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | |||||
| CVE-2020-28581 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-11-28 | 9.0 HIGH | 7.2 HIGH |
| A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | |||||
| CVE-2020-28580 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-11-28 | 9.0 HIGH | 7.2 HIGH |
| A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | |||||
| CVE-2020-27016 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 6.8 MEDIUM | 8.8 HIGH |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. | |||||
| CVE-2020-27018 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 2.1 LOW | 5.5 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. | |||||
| CVE-2020-27693 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 2.1 LOW | 4.4 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. | |||||
| CVE-2020-27694 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 6.5 MEDIUM | 8.8 HIGH |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. | |||||
| CVE-2020-27014 | 1 Trendmicro | 1 Antivirus | 2020-11-05 | 6.9 MEDIUM | 6.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-27015 | 1 Trendmicro | 1 Antivirus | 2020-11-05 | 2.1 LOW | 4.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-27013 | 1 Trendmicro | 1 Antivirus | 2020-10-26 | 3.6 LOW | 4.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-25777 | 1 Trendmicro | 1 Antivirus | 2020-10-26 | 5.8 MEDIUM | 5.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-25774 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-25775 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-10-07 | 6.3 MEDIUM | 6.3 MEDIUM |
| The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. | |||||
| CVE-2019-19688 | 1 Trendmicro | 1 Housecall For Home Networks | 2020-10-07 | 4.4 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges. | |||||
| CVE-2020-25773 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. | |||||
| CVE-2020-24564 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770. | |||||
| CVE-2020-24565 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | |||||
| CVE-2020-25770 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | |||||
| CVE-2020-25771 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | |||||
| CVE-2020-25772 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | |||||
| CVE-2020-24560 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. | |||||
| CVE-2020-24561 | 1 Trendmicro | 1 Serverprotect | 2020-09-24 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | |||||
| CVE-2020-15605 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2020-09-03 | 5.1 MEDIUM | 8.1 HIGH |
| If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. | |||||
| CVE-2020-15601 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2020-09-03 | 5.1 MEDIUM | 8.1 HIGH |
| If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. | |||||
| CVE-2019-9490 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. | |||||
| CVE-2018-18330 | 1 Trendmicro | 1 Dr. Safety | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations. | |||||
| CVE-2018-18331 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. | |||||
| CVE-2018-18332 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. | |||||
| CVE-2018-6223 | 1 Trendmicro | 1 Email Encryption Gateway | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters. | |||||
| CVE-2019-14685 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. | |||||
| CVE-2019-15626 | 1 Trendmicro | 1 Deep Security | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability. | |||||
| CVE-2019-15627 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected. | |||||
| CVE-2019-18191 | 1 Trendmicro | 1 Deep Security As A Service | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | |||||
| CVE-2019-19691 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability. | |||||