Lucene search

K

Trendmicro Security Vulnerabilities

cve
cve

CVE-2010-5179

Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory....

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
21
4
cve
cve

CVE-2022-40710

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-09-28 09:15 PM
23
7
cve
cve

CVE-2022-40708

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on....

3.3CVSS

3.7AI Score

0.0004EPSS

2022-09-28 09:15 PM
28
6
cve
cve

CVE-2022-40709

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on....

3.3CVSS

3.7AI Score

0.0004EPSS

2022-09-28 09:15 PM
28
7
cve
cve

CVE-2022-40707

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on....

3.3CVSS

3.7AI Score

0.0004EPSS

2022-09-28 09:15 PM
29
8
cve
cve

CVE-2008-2433

The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. ....

9.8CVSS

9.7AI Score

0.109EPSS

2008-08-27 08:41 PM
34
cve
cve

CVE-2006-1380

ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying...

6.7AI Score

0.0004EPSS

2006-03-24 11:02 AM
25
cve
cve

CVE-2024-23940

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and...

7.8CVSS

7.8AI Score

0.001EPSS

2024-01-29 07:15 PM
14
cve
cve

CVE-2023-52338

A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code....

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-23 09:15 PM
17
cve
cve

CVE-2023-52337

An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-23 09:15 PM
15
cve
cve

CVE-2023-52331

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.1CVSS

7AI Score

0.001EPSS

2024-01-23 09:15 PM
13
cve
cve

CVE-2023-52325

A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker.....

7.5CVSS

7.6AI Score

0.006EPSS

2024-01-23 09:15 PM
14
cve
cve

CVE-2023-52324

An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any...

8.8CVSS

9AI Score

0.003EPSS

2024-01-23 09:15 PM
17
cve
cve

CVE-2023-52330

A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or.....

6.1CVSS

6.2AI Score

0.001EPSS

2024-01-23 09:15 PM
16
cve
cve

CVE-2023-38625

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the.....

5.4CVSS

5.5AI Score

0.001EPSS

2024-01-23 09:15 PM
14
cve
cve

CVE-2023-52329

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to...

6.1CVSS

6.3AI Score

0.001EPSS

2024-01-23 09:15 PM
16
cve
cve

CVE-2023-38626

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the.....

5.4CVSS

5.4AI Score

0.001EPSS

2024-01-23 09:15 PM
15
cve
cve

CVE-2023-52328

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to...

6.1CVSS

6.3AI Score

0.001EPSS

2024-01-23 09:15 PM
16
cve
cve

CVE-2023-38624

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the.....

5.4CVSS

5.4AI Score

0.001EPSS

2024-01-23 09:15 PM
20
cve
cve

CVE-2023-38627

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the.....

5.4CVSS

5.5AI Score

0.001EPSS

2024-01-23 09:15 PM
15
cve
cve

CVE-2023-52327

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to...

6.1CVSS

6.3AI Score

0.001EPSS

2024-01-23 09:15 PM
13
cve
cve

CVE-2023-52326

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to...

6.1CVSS

6.3AI Score

0.001EPSS

2024-01-23 09:15 PM
17
cve
cve

CVE-2023-41176

Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to,...

6.1CVSS

5.9AI Score

0.001EPSS

2024-01-23 09:15 PM
14
cve
cve

CVE-2023-41177

Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to,...

6.1CVSS

5.9AI Score

0.001EPSS

2024-01-23 09:15 PM
16
cve
cve

CVE-2023-41178

Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to,...

6.1CVSS

5.9AI Score

0.001EPSS

2024-01-23 09:15 PM
15
cve
cve

CVE-2023-47195

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-23 09:15 PM
10
cve
cve

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-01-23 09:15 PM
11
cve
cve

CVE-2023-47197

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-23 09:15 PM
12
cve
cve

CVE-2023-47193

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-23 09:15 PM
12
cve
cve

CVE-2023-47200

A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit....

7.8CVSS

7.6AI Score

0.0005EPSS

2024-01-23 09:15 PM
14
cve
cve

CVE-2023-47198

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-23 09:15 PM
15
cve
cve

CVE-2023-47194

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-23 09:15 PM
16
cve
cve

CVE-2023-47199

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-23 09:15 PM
10
cve
cve

CVE-2023-47196

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-01-23 09:15 PM
11
cve
cve

CVE-2023-47192

An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-23 09:15 PM
11
cve
cve

CVE-2023-52093

An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.7AI Score

0.0005EPSS

2024-01-23 09:15 PM
12
cve
cve

CVE-2023-47202

A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-23 09:15 PM
14
cve
cve

CVE-2023-47201

A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit....

7.8CVSS

7.6AI Score

0.0005EPSS

2024-01-23 09:15 PM
12
cve
cve

CVE-2023-52092

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-23 09:15 PM
15
cve
cve

CVE-2023-52090

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-23 09:15 PM
16
cve
cve

CVE-2023-52091

An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-23 09:15 PM
9
cve
cve

CVE-2021-36741

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the...

8.8CVSS

8.5AI Score

0.032EPSS

2021-07-29 08:15 PM
917
In Wild
8
cve
cve

CVE-2019-14687

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to...

7.8CVSS

7.5AI Score

0.001EPSS

2019-08-20 02:15 PM
26
cve
cve

CVE-2023-0587

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory.....

9.1CVSS

9.3AI Score

0.002EPSS

2023-02-01 03:15 AM
158
cve
cve

CVE-2019-9491

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when...

7.8CVSS

7.8AI Score

0.061EPSS

2019-10-21 07:15 PM
108
cve
cve

CVE-2022-44652

An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-12-12 01:15 PM
23
cve
cve

CVE-2022-44651

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7CVSS

7AI Score

0.0004EPSS

2022-12-12 01:15 PM
29
cve
cve

CVE-2022-44653

A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to....

7.8CVSS

7.8AI Score

0.0005EPSS

2022-12-12 01:15 PM
22
cve
cve

CVE-2022-40144

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected...

9.8CVSS

9.4AI Score

0.002EPSS

2022-09-19 06:15 PM
46
4
cve
cve

CVE-2023-25069

TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not...

8.8CVSS

8.8AI Score

0.001EPSS

2023-03-22 06:15 AM
13
Total number of security vulnerabilities485