Filtered by vendor Trendmicro
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18331 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. | |||||
| CVE-2019-14685 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. | |||||
| CVE-2019-15626 | 1 Trendmicro | 1 Deep Security | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability. | |||||
| CVE-2019-19691 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability. | |||||
| CVE-2019-18191 | 1 Trendmicro | 1 Deep Security As A Service | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | |||||
| CVE-2019-15627 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected. | |||||
| CVE-2018-6223 | 1 Trendmicro | 1 Email Encryption Gateway | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters. | |||||
| CVE-2019-9492 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. | |||||
| CVE-2019-9490 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. | |||||
| CVE-2018-18330 | 1 Trendmicro | 1 Dr. Safety | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations. | |||||
| CVE-2019-19697 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability. | |||||
| CVE-2018-18332 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. | |||||
| CVE-2017-11396 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-08-19 | 9.0 HIGH | 7.2 HIGH |
| Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | |||||
| CVE-2020-8607 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus Toolkit, Apex One and 10 more | 2020-08-11 | 7.2 HIGH | 6.7 MEDIUM |
| An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability. | |||||
| CVE-2020-15602 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-07-22 | 6.9 MEDIUM | 7.8 HIGH |
| An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device. | |||||
| CVE-2020-15603 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-07-22 | 7.8 HIGH | 7.5 HIGH |
| An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash. | |||||
| CVE-2020-8469 | 1 Trendmicro | 1 Password Manager | 2020-06-23 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. | |||||
| CVE-2020-8603 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2019-19695 | 1 Trendmicro | 1 Antivirus | 2020-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | |||||
| CVE-2020-8600 | 1 Trendmicro | 1 Worry-free Business Security | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | |||||