VYPR

Vendor CVEs

Trend Micro

All CVEs

696 total · sorted by risk
  • CVE-2020-25776 · Oct 2, 2020
    risk 0.00 · cvss · epss 0.01

    Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2020-25775 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.00

    The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.

  • CVE-2020-25774 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this…

  • CVE-2020-25773 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

  • CVE-2020-25772 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute…

  • CVE-2020-25770 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute…

  • CVE-2020-25771 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute…

  • CVE-2020-24565 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute…

  • CVE-2020-24564 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute…

  • CVE-2020-24563 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to…

  • CVE-2020-24562 · Sep 28, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute…

  • CVE-2020-24560 · Sep 24, 2020
    risk 0.00 · cvss · epss 0.02

    An incomplete SSL server certificate validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of…

  • CVE-2020-15604 · Sep 24, 2020
    risk 0.00 · cvss · epss 0.02

    An incomplete SSL server certificate validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of…

  • CVE-2020-24561 · Sep 15, 2020
    risk 0.00 · cvss · epss 0.05

    A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability.

  • CVE-2020-24559 · Sep 1, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute…

  • CVE-2020-24558 · Sep 1, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in a Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services DLL may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the…

  • CVE-2020-24556 · Sep 1, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a…

  • CVE-2020-8602 · Aug 27, 2020
    risk 0.00 · cvss · epss 0.04

    A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

  • CVE-2020-15605 · Aug 27, 2020
    risk 0.00 · cvss · epss 0.03

    If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor…

  • CVE-2020-15601 · Aug 27, 2020
    risk 0.00 · cvss · epss 0.03

    If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication…

  • CVE-2020-8607 · Aug 5, 2020
    risk 0.00 · cvss · epss 0.01

    An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a…

  • CVE-2020-15603 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.01

    An invalid memory read vulnerability in a Trend Micro Security 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.

  • CVE-2020-15602 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.01

    An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from…

  • CVE-2020-8603 · May 27, 2020
    risk 0.00 · cvss · epss 0.02

    A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2020-8600 · Mar 18, 2020
    risk 0.00 · cvss · epss 0.04

    Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.

  • CVE-2020-8470 · Mar 18, 2020
    risk 0.00 · cvss · epss 0.04

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this…

  • CVE-2020-8469 · Mar 12, 2020
    risk 0.00 · cvss · epss 0.00

    Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability that could potentially allow an attacker to escalate privileges.

  • CVE-2019-19694 · Feb 20, 2020
    risk 0.00 · cvss · epss 0.00

    The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware…

  • CVE-2020-8601 · Feb 20, 2020
    risk 0.00 · cvss · epss 0.00

    Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same directory.

  • CVE-2019-20358 · Jan 30, 2020
    risk 0.00 · cvss · epss 0.05

    Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to…

  • CVE-2019-19697 · Jan 17, 2020
    risk 0.00 · cvss · epss 0.01

    An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them from starting. An attacker must…

  • CVE-2019-20357 · Jan 17, 2020
    risk 0.00 · cvss · epss 0.01

    A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v16) and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a…

  • CVE-2019-19696 · Jan 17, 2020
    risk 0.00 · cvss · epss 0.00

    A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to…

  • CVE-2019-15625 · Jan 17, 2020
    risk 0.00 · cvss · epss 0.01

    A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.

  • CVE-2019-18894 · Jan 13, 2020
    risk 0.00 · cvss · epss 0.02

    In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the…

  • CVE-2019-19695 · Dec 24, 2019
    risk 0.00 · cvss · epss 0.03

    A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.

  • CVE-2019-19692 · Dec 20, 2019
    risk 0.00 · cvss · epss 0.01

    Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.

  • CVE-2019-19693 · Dec 20, 2019
    risk 0.00 · cvss · epss 0.01

    The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute…

  • CVE-2019-19691 · Dec 20, 2019
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this…

  • CVE-2019-19690 · Dec 18, 2019
    risk 0.00 · cvss · epss 0.01

    Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.

  • CVE-2019-19689 · Dec 18, 2019
    risk 0.00 · cvss · epss 0.01

    Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.

  • CVE-2019-19688 · Dec 18, 2019
    risk 0.00 · cvss · epss 0.01

    A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.

  • CVE-2019-18191 · Dec 16, 2019
    risk 0.00 · cvss · epss 0.02

    A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.

  • CVE-2019-18190 · Dec 9, 2019
    risk 0.00 · cvss · epss 0.03

    Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in which null pointer dereference errors result in a crash of the application, which could potentially lead to unsigned code execution under certain circumstances.

  • CVE-2019-19546 · Dec 5, 2019
    risk 0.00 · cvss · epss 0.01

    Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

  • CVE-2019-15628 · Dec 2, 2019
    risk 0.00 · cvss · epss 0.01

    Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

  • CVE-2019-15629 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.03

    Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.

  • CVE-2019-18188 · Oct 28, 2019
    risk 0.00 · cvss · epss 0.05

    Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution…

  • CVE-2019-18189 · Oct 28, 2019
    risk 0.00 · cvss · epss 0.05

    A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not…

  • CVE-2019-15626 · Oct 17, 2019
    risk 0.00 · cvss · epss 0.02

    The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.