VYPR

Vendor CVEs

Trend Micro

All CVEs

696 total · sorted by risk
  • CVE-2021-45231Jan 8, 2022
    risk 0.00cvss epss 0.01

    A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local…

  • CVE-2021-44024Jan 8, 2022
    risk 0.00cvss epss 0.00

    A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must…

  • CVE-2021-44023Dec 16, 2021
    risk 0.00cvss epss 0.00

    A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a…

  • CVE-2021-44022Dec 3, 2021
    risk 0.00cvss epss 0.00

    A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in…

  • CVE-2021-44021Dec 3, 2021
    risk 0.00cvss epss 0.00

    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system…

  • CVE-2021-44020Dec 3, 2021
    risk 0.00cvss epss 0.00

    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system…

  • CVE-2021-44019Dec 3, 2021
    risk 0.00cvss epss 0.00

    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system…

  • CVE-2021-43772Dec 3, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection.

  • CVE-2021-43771Nov 30, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an…

  • CVE-2021-42108Oct 21, 2021
    risk 0.00cvss epss 0.00

    Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability…

  • CVE-2021-42107Oct 21, 2021
    risk 0.00cvss epss 0.00

    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must…

  • CVE-2021-42106Oct 21, 2021
    risk 0.00cvss epss 0.00

    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must…

  • CVE-2021-42105Oct 21, 2021
    risk 0.00cvss epss 0.00

    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must…

  • CVE-2021-42104Oct 21, 2021
    risk 0.00cvss epss 0.00

    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must…

  • CVE-2021-42103Oct 21, 2021
    risk 0.00cvss epss 0.00

    An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in…

  • CVE-2021-42102Oct 21, 2021
    risk 0.00cvss epss 0.00

    An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2021-42101Oct 21, 2021
    risk 0.00cvss epss 0.00

    An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in…

  • CVE-2021-42012Oct 21, 2021
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2021-42011Oct 21, 2021
    risk 0.00cvss epss 0.00

    An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged…

  • CVE-2021-23139Oct 21, 2021
    risk 0.00cvss epss 0.01

    A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.

  • CVE-2021-3848Oct 6, 2021
    risk 0.00cvss epss 0.00

    An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that…

  • CVE-2021-32466Sep 29, 2021
    risk 0.00cvss epss 0.01

    An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library.…

  • CVE-2021-36744Sep 6, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

  • CVE-2021-32465Aug 4, 2021
    risk 0.00cvss epss 0.04

    An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to…

  • CVE-2021-32464Aug 4, 2021
    risk 0.00cvss epss 0.01

    An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain…

  • CVE-2021-32463Jul 20, 2021
    risk 0.00cvss epss 0.00

    An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on…

  • CVE-2021-32461Jul 8, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must…

  • CVE-2021-31521Jun 17, 2021
    risk 0.00cvss epss 0.01

    Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.

  • CVE-2021-32460Jun 3, 2021
    risk 0.00cvss epss 0.00

    The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user…

  • CVE-2021-32459May 27, 2021
    risk 0.00cvss epss 0.01

    Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the…

  • CVE-2021-32458May 27, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first…

  • CVE-2021-32457May 26, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the…

  • CVE-2021-31519May 12, 2021
    risk 0.00cvss epss 0.00

    An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an…

  • CVE-2021-28649May 12, 2021
    risk 0.00cvss epss 0.00

    An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator…

  • CVE-2021-31520May 10, 2021
    risk 0.00cvss epss 0.04

    A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.

  • CVE-2021-31518May 5, 2021
    risk 0.00cvss epss 0.01

    Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31517.

  • CVE-2021-31517May 5, 2021
    risk 0.00cvss epss 0.01

    Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31518.

  • CVE-2021-28647Apr 13, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program.

  • CVE-2021-28646Apr 13, 2021
    risk 0.00cvss epss 0.00

    An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.

  • CVE-2021-28645Apr 13, 2021
    risk 0.00cvss epss 0.01

    An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged…

  • CVE-2021-25253Apr 13, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain…

  • CVE-2021-25250Apr 13, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to…

  • CVE-2021-25252Mar 3, 2021
    risk 0.00cvss epss 0.01

    Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

  • CVE-2021-25251Feb 10, 2021
    risk 0.00cvss epss 0.02

    The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the…

  • CVE-2021-25249Feb 4, 2021
    risk 0.00cvss epss 0.00

    An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an…

  • CVE-2021-25248Feb 4, 2021
    risk 0.00cvss epss 0.01

    An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an…

  • CVE-2021-25246Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make…

  • CVE-2021-25245Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.

  • CVE-2021-25244Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.

  • CVE-2021-25243Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.

Page 10 of 14