Vendor CVEs
Trend Micro
All CVEs
696 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25241 | 0.00 | — | 0.02 | Feb 4, 2021 | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. | |||
| CVE-2021-25242 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. | |||
| CVE-2021-25240 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hotfix information. | |||
| CVE-2021-25238 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port. | |||
| CVE-2021-25239 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. | |||
| CVE-2021-25237 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. | |||
| CVE-2021-25236 | 0.00 | — | 0.02 | Feb 4, 2021 | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. | |||
| CVE-2021-25235 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file. | |||
| CVE-2021-25234 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file. | |||
| CVE-2021-25233 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file. | |||
| CVE-2021-25232 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. | |||
| CVE-2021-25231 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. | |||
| CVE-2021-25230 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file. | |||
| CVE-2021-25228 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. | |||
| CVE-2021-25229 | 0.00 | — | 0.02 | Feb 4, 2021 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. | |||
| CVE-2021-25227 | 0.00 | — | 0.00 | Feb 4, 2021 | Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the… | |||
| CVE-2021-25247 | 0.00 | — | 0.01 | Jan 27, 2021 | A DLL hijacking vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit… | |||
| CVE-2021-25226 | 0.00 | — | 0.00 | Jan 27, 2021 | A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain… | |||
| CVE-2021-25225 | 0.00 | — | 0.00 | Jan 27, 2021 | A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain… | |||
| CVE-2021-25224 | 0.00 | — | 0.00 | Jan 27, 2021 | A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain… | |||
| CVE-2020-8465 | 0.00 | — | 0.03 | Dec 17, 2020 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | |||
| CVE-2020-8464 | 0.00 | — | 0.06 | Dec 17, 2020 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | |||
| CVE-2020-8463 | 0.00 | — | 0.06 | Dec 17, 2020 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | |||
| CVE-2020-8462 | 0.00 | — | 0.01 | Dec 17, 2020 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | |||
| CVE-2020-8461 | 0.00 | — | 0.01 | Dec 17, 2020 | A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | |||
| CVE-2020-27010 | 0.00 | — | 0.01 | Dec 17, 2020 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. | |||
| CVE-2020-28583 | 0.00 | — | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. | |||
| CVE-2020-28582 | 0.00 | — | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. | |||
| CVE-2020-28575 | 0.00 | — | 0.01 | Dec 1, 2020 | A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to… | |||
| CVE-2020-28576 | 0.00 | — | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. | |||
| CVE-2020-28577 | 0.00 | — | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | |||
| CVE-2020-28573 | 0.00 | — | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | |||
| CVE-2020-28574 | 0.00 | — | 0.03 | Nov 18, 2020 | An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. | |||
| CVE-2020-28572 | 0.00 | — | 0.00 | Nov 18, 2020 | A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. | |||
| CVE-2020-27697 | 0.00 | — | 0.01 | Nov 18, 2020 | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the… | |||
| CVE-2020-27695 | 0.00 | — | 0.00 | Nov 18, 2020 | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. | |||
| CVE-2020-27696 | 0.00 | — | 0.00 | Nov 18, 2020 | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. | |||
| CVE-2020-7962 | 0.00 | — | 0.01 | Nov 13, 2020 | An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password.… | |||
| CVE-2020-27694 | 0.00 | — | 0.07 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may be vulnerable to attack. | |||
| CVE-2020-27693 | 0.00 | — | 0.02 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. | |||
| CVE-2020-27019 | 0.00 | — | 0.18 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. | |||
| CVE-2020-27017 | 0.00 | — | 0.06 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product… | |||
| CVE-2020-27018 | 0.00 | — | 0.03 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An… | |||
| CVE-2020-27016 | 0.00 | — | 0.02 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web… | |||
| CVE-2020-27015 | 0.00 | — | 0.01 | Oct 29, 2020 | Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the… | |||
| CVE-2020-27014 | 0.00 | — | 0.00 | Oct 29, 2020 | Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute… | |||
| CVE-2020-25778 | 0.00 | — | 0.01 | Oct 14, 2020 | Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in… | |||
| CVE-2020-27013 | 0.00 | — | 0.00 | Oct 14, 2020 | Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user… | |||
| CVE-2020-25777 | 0.00 | — | 0.01 | Oct 14, 2020 | Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a… | |||
| CVE-2020-25779 | 0.00 | — | 0.01 | Oct 13, 2020 | Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which an Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection… |