VYPR

Vendor CVEs

Trend Micro

All CVEs

696 total · sorted by risk
  • CVE-2021-25241Feb 4, 2021
    risk 0.00cvss epss 0.02

    A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.

  • CVE-2021-25242Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.

  • CVE-2021-25240Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.

  • CVE-2021-25238Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.

  • CVE-2021-25239Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.

  • CVE-2021-25237Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.

  • CVE-2021-25236Feb 4, 2021
    risk 0.00cvss epss 0.02

    A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.

  • CVE-2021-25235Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.

  • CVE-2021-25234Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.

  • CVE-2021-25233Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.

  • CVE-2021-25232Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.

  • CVE-2021-25231Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.

  • CVE-2021-25230Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.

  • CVE-2021-25228Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.

  • CVE-2021-25229Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.

  • CVE-2021-25227Feb 4, 2021
    risk 0.00cvss epss 0.00

    Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2021-25247Jan 27, 2021
    risk 0.00cvss epss 0.01

    A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit…

  • CVE-2021-25226Jan 27, 2021
    risk 0.00cvss epss 0.00

    A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain…

  • CVE-2021-25225Jan 27, 2021
    risk 0.00cvss epss 0.00

    A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain…

  • CVE-2021-25224Jan 27, 2021
    risk 0.00cvss epss 0.00

    A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain…

  • CVE-2020-8465Dec 17, 2020
    risk 0.00cvss epss 0.03

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.

  • CVE-2020-8464Dec 17, 2020
    risk 0.00cvss epss 0.06

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.

  • CVE-2020-8463Dec 17, 2020
    risk 0.00cvss epss 0.06

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.

  • CVE-2020-8462Dec 17, 2020
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.

  • CVE-2020-8461Dec 17, 2020
    risk 0.00cvss epss 0.01

    A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.

  • CVE-2020-27010Dec 17, 2020
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.

  • CVE-2020-28583Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.

  • CVE-2020-28582Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.

  • CVE-2020-28575Dec 1, 2020
    risk 0.00cvss epss 0.01

    A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to…

  • CVE-2020-28576Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.

  • CVE-2020-28577Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.

  • CVE-2020-28573Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.

  • CVE-2020-28574Nov 18, 2020
    risk 0.00cvss epss 0.03

    A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.

  • CVE-2020-28572Nov 18, 2020
    risk 0.00cvss epss 0.00

    A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.

  • CVE-2020-27697Nov 18, 2020
    risk 0.00cvss epss 0.01

    Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the…

  • CVE-2020-27695Nov 18, 2020
    risk 0.00cvss epss 0.00

    Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.

  • CVE-2020-27696Nov 18, 2020
    risk 0.00cvss epss 0.00

    Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.

  • CVE-2020-7962Nov 13, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password.…

  • CVE-2020-27694Nov 9, 2020
    risk 0.00cvss epss 0.07

    Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.

  • CVE-2020-27693Nov 9, 2020
    risk 0.00cvss epss 0.02

    Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.

  • CVE-2020-27019Nov 9, 2020
    risk 0.00cvss epss 0.18

    Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.

  • CVE-2020-27017Nov 9, 2020
    risk 0.00cvss epss 0.06

    Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product…

  • CVE-2020-27018Nov 9, 2020
    risk 0.00cvss epss 0.03

    Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An…

  • CVE-2020-27016Nov 9, 2020
    risk 0.00cvss epss 0.02

    Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web…

  • CVE-2020-27015Oct 29, 2020
    risk 0.00cvss epss 0.01

    Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the…

  • CVE-2020-27014Oct 29, 2020
    risk 0.00cvss epss 0.00

    Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute…

  • CVE-2020-25778Oct 14, 2020
    risk 0.00cvss epss 0.01

    Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in…

  • CVE-2020-27013Oct 14, 2020
    risk 0.00cvss epss 0.00

    Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user…

  • CVE-2020-25777Oct 14, 2020
    risk 0.00cvss epss 0.01

    Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2020-25779Oct 13, 2020
    risk 0.00cvss epss 0.01

    Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection…

Page 11 of 14