Vendor CVEs
Trend Micro
All CVEs
696 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25776 | | | 0.00 | — | 0.01 | | Oct 2, 2020 | Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the… |
| CVE-2020-25775 | | | 0.00 | — | 0.00 | | Sep 28, 2020 | The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. |
| CVE-2020-25774 | | | 0.00 | — | 0.02 | | Sep 28, 2020 | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this… |
| CVE-2020-25773 | | | 0.00 | — | 0.02 | | Sep 28, 2020 | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. |
| CVE-2020-25772 | | | 0.00 | — | 0.01 | | Sep 28, 2020 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute… |
| CVE-2020-25770 | | | 0.00 | — | 0.01 | | Sep 28, 2020 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute… |
| CVE-2020-25771 | | | 0.00 | — | 0.01 | | Sep 28, 2020 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute… |
| CVE-2020-24565 | | | 0.00 | — | 0.01 | | Sep 28, 2020 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute… |
| CVE-2020-24564 | | | 0.00 | — | 0.01 | | Sep 28, 2020 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute… |
| CVE-2020-24563 | | | 0.00 | — | 0.00 | | Sep 28, 2020 | A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to… |
| CVE-2020-24562 | | | 0.00 | — | 0.01 | | Sep 28, 2020 | A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute… |
| CVE-2020-24560 | | | 0.00 | — | 0.02 | | Sep 24, 2020 | An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of… |
| CVE-2020-15604 | | | 0.00 | — | 0.02 | | Sep 24, 2020 | An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of… |
| CVE-2020-24561 | | | 0.00 | — | 0.05 | | Sep 15, 2020 | A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. |
| CVE-2020-24559 | | | 0.00 | — | 0.01 | | Sep 1, 2020 | A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute… |
| CVE-2020-24558 | | | 0.00 | — | 0.01 | | Sep 1, 2020 | A vulnerability in a Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services DLL may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the… |
| CVE-2020-24556 | | | 0.00 | — | 0.01 | | Sep 1, 2020 | A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a… |
| CVE-2020-8602 | | | 0.00 | — | 0.04 | | Aug 27, 2020 | A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. |
| CVE-2020-15605 | | | 0.00 | — | 0.03 | | Aug 27, 2020 | If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor… |
| CVE-2020-15601 | | | 0.00 | — | 0.03 | | Aug 27, 2020 | If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication… |
| CVE-2020-8607 | | | 0.00 | — | 0.01 | | Aug 5, 2020 | An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a… |
| CVE-2020-15603 | | | 0.00 | — | 0.01 | | Jul 15, 2020 | An invalid memory read vulnerability in a Trend Micro Security 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash. |
| CVE-2020-15602 | | | 0.00 | — | 0.01 | | Jul 15, 2020 | An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from… |
| CVE-2020-8603 | | | 0.00 | — | 0.02 | | May 27, 2020 | A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit… |
| CVE-2020-8600 | | | 0.00 | — | 0.04 | | Mar 18, 2020 | Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. |
| CVE-2020-8470 | | | 0.00 | — | 0.04 | | Mar 18, 2020 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this… |
| CVE-2020-8469 | | | 0.00 | — | 0.00 | | Mar 12, 2020 | Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability which could potentially allow an attacker to escalate privileges. |
| CVE-2019-19694 | | | 0.00 | — | 0.00 | | Feb 20, 2020 | The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware… |
| CVE-2020-8601 | | | 0.00 | — | 0.00 | | Feb 20, 2020 | Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same directory. |
| CVE-2019-20358 | | | 0.00 | — | 0.05 | | Jan 30, 2020 | Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to… |
| CVE-2019-19697 | | | 0.00 | — | 0.01 | | Jan 17, 2020 | An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them from starting. An attacker must… |
| CVE-2019-20357 | | | 0.00 | — | 0.01 | | Jan 17, 2020 | A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v16) and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a… |
| CVE-2019-19696 | | | 0.00 | — | 0.00 | | Jan 17, 2020 | A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to… |
| CVE-2019-15625 | | | 0.00 | — | 0.01 | | Jan 17, 2020 | A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. |
| CVE-2019-18894 | | | 0.00 | — | 0.02 | | Jan 13, 2020 | In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the… |
| CVE-2019-19695 | | | 0.00 | — | 0.03 | | Dec 24, 2019 | A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. |
| CVE-2019-19692 | | | 0.00 | — | 0.01 | | Dec 20, 2019 | Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. |
| CVE-2019-19693 | | | 0.00 | — | 0.01 | | Dec 20, 2019 | The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute… |
| CVE-2019-19691 | | | 0.00 | — | 0.01 | | Dec 20, 2019 | A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this… |
| CVE-2019-19690 | | | 0.00 | — | 0.01 | | Dec 18, 2019 | Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. |
| CVE-2019-19689 | | | 0.00 | — | 0.01 | | Dec 18, 2019 | Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. |
| CVE-2019-19688 | | | 0.00 | — | 0.01 | | Dec 18, 2019 | A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges. |
| CVE-2019-18191 | | | 0.00 | — | 0.02 | | Dec 16, 2019 | A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. |
| CVE-2019-18190 | | | 0.00 | — | 0.03 | | Dec 9, 2019 | Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in which null pointer dereference errors result in the crash of the application, which could potentially lead to unsigned code execution under certain circumstances. |
| CVE-2019-19546 | | | 0.00 | — | 0.01 | | Dec 5, 2019 | Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. |
| CVE-2019-15628 | | | 0.00 | — | 0.01 | | Dec 2, 2019 | Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. |
| CVE-2019-15629 | | | 0.00 | — | 0.03 | | Nov 25, 2019 | Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information with third-party applications on the device. |
| CVE-2019-18188 | | | 0.00 | — | 0.05 | | Oct 28, 2019 | Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution… |
| CVE-2019-18189 | | | 0.00 | — | 0.05 | | Oct 28, 2019 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not… |
| CVE-2019-15626 | | | 0.00 | — | 0.02 | | Oct 17, 2019 | The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability. |
Page 12 of 14