Trend Micro Vulnerability Protection Security Vulnerabilities

CVE-2022-41744

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the....

CVSS: 7 | AI Score: 6.9 | EPSS: 0.0004

2022-10-10 09:15 PM

CVE-2021-25251

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit.....

CVSS: 7.2 | AI Score: 7.1 | EPSS: 0.001

2021-02-10 10:15 PM

CVE-2020-8461

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.001

2020-12-17 09:15 PM

CVE-2020-27014

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on...

CVSS: 6.4 | AI Score: 6.3 | EPSS: 0.0004

2020-10-30 12:15 AM

CVE-2020-25777

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.004

2020-10-14 03:15 PM

CVE-2020-25779

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which an Internationalized Domain Name homograph attack (Punycode) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection...

CVSS: 3.3 | AI Score: 4.2 | EPSS: 0.0004

2020-10-13 04:15 PM

CVE-2020-15605

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents...

CVSS: 8.1 | AI Score: 8.1 | EPSS: 0.003

2020-08-27 09:15 PM

CVE-2020-15601

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this...

CVSS: 8.1 | AI Score: 8.2 | EPSS: 0.003

2020-08-27 09:15 PM

CVE-2020-8602

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code...

CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.003

2020-08-27 09:15 PM

CVE-2020-8607

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or...

CVSS: 6.7 | AI Score: 6.6 | EPSS: 0.001

2020-08-05 02:15 PM

CVE-2020-8601

Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same...

CVSS: 7.8 | AI Score: 7.3 | EPSS: 0.0004

2020-02-20 11:15 PM

CVE-2019-9488

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager...

CVSS: 4.9 | AI Score: 5 | EPSS: 0.001

2019-09-11 06:15 PM

CVE-2019-9492

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable.....

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0005

2019-07-26 02:15 PM

CVE-2018-15365

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the...

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2018-09-28 05:29 PM

CVE-2018-6237

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS)...

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.013

2018-05-25 03:29 PM

CVE-2018-10350

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is...

CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.009

2018-05-25 03:29 PM

CVE-2018-6231

A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable...

CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.004

2018-03-15 07:29 PM

CVE-2018-6224

A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.002

2018-03-15 07:29 PM

CVE-2017-14094

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable...

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.026

2018-01-19 07:29 PM

CVE-2017-14096

A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable...

CVSS: 6.1 | AI Score: 6.9 | EPSS: 0.002

2018-01-19 07:29 PM

CVE-2017-14095

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable...

CVSS: 8.1 | AI Score: 8.6 | EPSS: 0.006

2018-01-19 07:29 PM

CVE-2017-14097

An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable...

CVSS: 9.8 | AI Score: 9 | EPSS: 0.008

2018-01-19 07:29 PM

CVE-2017-11398

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable...

CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.005

2018-01-19 07:29 PM