VYPR

Trend Micro Security (Consumer) 2020

by Trend Micro

CVEs (34)

  • CVE-2019-18190CriDec 9, 2019
    risk 0.64cvss 9.8epss 0.03

    Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.

  • CVE-2018-3608CriJul 6, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected…

  • CVE-2023-28929HigJun 26, 2023
    risk 0.51cvss 7.8epss 0.00

    Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file…

  • CVE-2022-34893HigSep 19, 2022
    risk 0.51cvss 7.8epss 0.00

    Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.

  • CVE-2022-30703HigJun 9, 2022
    risk 0.51cvss 7.8epss 0.00

    Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for…

  • CVE-2021-36744HigSep 6, 2021
    risk 0.51cvss 7.8epss 0.00

    Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

  • CVE-2021-32460HigJun 3, 2021
    risk 0.51cvss 7.8epss 0.00

    The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user…

  • CVE-2020-27697HigNov 18, 2020
    risk 0.51cvss 7.8epss 0.01

    Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the…

  • CVE-2020-27696HigNov 18, 2020
    risk 0.51cvss 7.8epss 0.00

    Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.

  • CVE-2020-27695HigNov 18, 2020
    risk 0.51cvss 7.8epss 0.00

    Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.

  • CVE-2020-15602HigJul 15, 2020
    risk 0.51cvss 7.8epss 0.01

    An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from…

  • CVE-2019-20357HigJan 18, 2020
    risk 0.51cvss 7.8epss 0.01

    A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a…

  • CVE-2019-15628HigDec 2, 2019
    risk 0.51cvss 7.8epss 0.01

    Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

  • CVE-2019-14686HigAug 21, 2019
    risk 0.51cvss 7.8epss 0.01

    A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated…

  • CVE-2019-14685HigAug 21, 2019
    risk 0.51cvss 7.8epss 0.01

    A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.

  • CVE-2018-18333HigFeb 5, 2019
    risk 0.51cvss 7.8epss 0.02

    A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations.

  • CVE-2018-15363HigAug 30, 2018
    risk 0.51cvss 7.8epss 0.00

    An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2018-10514HigAug 30, 2018
    risk 0.51cvss 7.8epss 0.00

    A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2018-10513HigAug 30, 2018
    risk 0.51cvss 7.8epss 0.01

    A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2020-24560HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.02

    An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of…

Page 1 of 2