Filtered by vendor Trendmicro
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8467 | 1 Trendmicro | 2 Apex One, Officescan | 2020-03-20 | 6.5 MEDIUM | 8.8 HIGH |
| A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. | |||||
| CVE-2019-14688 | 2 Microsoft, Trendmicro | 9 Windows, Control Manager, Endpoint Sensor and 6 more | 2020-03-04 | 5.1 MEDIUM | 7.0 HIGH |
| Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. | |||||
| CVE-2020-8601 | 2 Microsoft, Trendmicro | 2 Windows, Vulnerability Protection | 2020-02-25 | 4.6 MEDIUM | 7.8 HIGH |
| Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. | |||||
| CVE-2019-19692 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | |||||
| CVE-2019-19690 | 2 Google, Trendmicro | 2 Android, Mobile Security | 2019-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | |||||
| CVE-2019-15628 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2020, Internet Security 2020 and 2 more | 2019-12-13 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. | |||||
| CVE-2019-18190 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2019-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. | |||||
| CVE-2019-18189 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2019-11-05 | 10.0 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | |||||
| CVE-2019-18187 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2019-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. | |||||
| CVE-2018-3609 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2019-10-09 | 4.3 MEDIUM | 8.1 HIGH |
| A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | |||||
| CVE-2017-14095 | 1 Trendmicro | 1 Smart Protection Server | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | |||||
| CVE-2017-14094 | 1 Trendmicro | 1 Smart Protection Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | |||||
| CVE-2017-11398 | 1 Trendmicro | 1 Smart Protection Server | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | |||||
| CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | |||||
| CVE-2018-6232 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+, Internet Security and 2 more | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-6231 | 1 Trendmicro | 1 Smart Protection Server | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. | |||||
| CVE-2017-11382 | 1 Trendmicro | 1 Deep Discovery Email Inspector | 2019-10-02 | 6.4 MEDIUM | 7.5 HIGH |
| Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | |||||
| CVE-2017-14083 | 1 Trendmicro | 1 Officescan | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | |||||
| CVE-2017-14084 | 1 Trendmicro | 1 Officescan | 2019-10-02 | 6.8 MEDIUM | 8.1 HIGH |
| A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-10359 | 1 Trendmicro | 1 Officescan | 2019-10-02 | 5.4 MEDIUM | 6.3 MEDIUM |
| A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||