27 matches found
March "In the Trend of VM" (#25): once again, vulnerabilities are only in Microsoft products
March "In the Trend of VM" 25: once again, vulnerabilities are only in Microsoft products. I present the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. As in February, it turned out to be quite compact and focused on a single vendor. š Post on Habr rus...
EUVD-2020-17282
Malware in sbrugna...
EUVD-2018-2581
Malware in sbrugna...
EUVD-2018-2586
Malware in sbrugna...
EUVD-2020-17278
Malware in sbrugna...
EUVD-2023-45696
Malicious code in bioql PyPI...
EUVD-2025-18528
Malicious code in bioql PyPI...
EUVD-2023-31730
Malicious code in bioql PyPI...
CVE-2025-54948
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...
CVE-2025-49155
CVE-2025-49155 involves an uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module, enabling arbitrary code execution on affected installations. Affected software: Trend Micro Apex One Data Loss Prevention (module specified; no exact versions given in source...
CVE-2025-49155
An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations...
CVE-2025-49220
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method...
CVE-2022-40144
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations...
CVE-2022-40980
A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2...
CVE-2022-40141
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server...
CVE-2021-36745
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations...
CVE-2020-8604
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations...
CVE-2020-28572
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege...
CVE-2020-27696
Trend Micro Security 2020 Consumer contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product...
CVE-2019-14684
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687...