Skip to main content

Trend Micro

478 CVEs product

Monthly

CVE-2021-42012 HIGH PATCH This Week

A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-42011 HIGH PATCH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-23139 HIGH PATCH This Week

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3848 MEDIUM PATCH This Month

An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-36745 CRITICAL PATCH Act Now

A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Trend Micro Authentication Bypass Serverprotect
NVD
CVSS 3.1
9.8
EPSS
9.0%
CVE-2021-32466 HIGH PATCH This Week

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.0).

Privilege Escalation Trend Micro Housecall For Home Networks
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-36744 HIGH PATCH This Week

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Trend Micro Maximum Security 2019 Maximum Security 2020 Maximum Security 2021 +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-32465 HIGH This Week

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Authentication Bypass Apex One Officescan
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2021-32464 HIGH This Week

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-36742 HIGH KEV THREAT This Week

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Officescan Officescan Business Security Apex One +1
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-36741 HIGH KEV THREAT This Week

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro File Upload Officescan Officescan Business Security Apex One +1
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2021-32463 HIGH PATCH This Week

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-32462 HIGH This Week

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Password Manager
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2021-32461 HIGH This Week

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Trend Micro Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31521 MEDIUM PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-32460 HIGH This Week

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Maximum Security 2021
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32459 MEDIUM This Month

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Authentication Bypass Home Network Security
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32458 HIGH This Week

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Trend Micro Home Network Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-32457 HIGH POC This Week

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Trend Micro Home Network Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31519 HIGH This Week

An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Trend Micro Housecall For Home Networks
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-28649 HIGH This Week

An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Trend Micro Housecall For Home Networks
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-31520 HIGH PATCH This Week

A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Im Security
NVD
CVSS 3.1
8.1
EPSS
3.9%
CVE-2021-31518 HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-31517 HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28648 HIGH PATCH This Week

Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-28647 HIGH This Week

Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Code Injection Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-28646 MEDIUM This Month

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28645 HIGH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25253 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-25250 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25252 MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central Apex One Cloud Edge +16
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-25251 HIGH This Week

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Code Injection Antivirus Security 2020 Antivirus Security 2021 +6
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-25249 HIGH PATCH This Week

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Trend Micro Information Disclosure Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25248 MEDIUM PATCH This Month

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Trend Micro Information Disclosure Apex One Officescan +1
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-25246 MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-25243 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25242 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25241 MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure Apex One Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-25240 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25239 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25238 MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25237 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-25236 MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-25235 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25234 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25233 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25232 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2021-25231 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25230 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25229 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25228 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25227 LOW PATCH Monitor

Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Antivirus
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-25247 HIGH This Week

A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Housecall For Home Networks
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-25226 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25225 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25224 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8466 CRITICAL POC THREAT Act Now

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
63.7%
CVE-2020-8465 CRITICAL POC Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Authentication Bypass Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-8464 HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2020-8463 HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
5.9%
CVE-2020-8462 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-8461 HIGH POC This Week

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-27010 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-28583 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28582 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28577 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28576 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28575 MEDIUM This Month

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Privilege Escalation Memory Corruption Serverprotect
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-28573 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28581 HIGH POC THREAT This Week

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-28580 HIGH POC THREAT This Week

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-28579 HIGH POC THREAT This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro Memory Corruption Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
49.3%
CVE-2020-28578 CRITICAL POC THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro Memory Corruption Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
72.3%
CVE-2020-28574 HIGH POC This Week

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-28572 HIGH This Week

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27697 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-27696 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Microsoft Information Disclosure Antivirus Security 2020 Internet Security 2020 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-27695 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-27694 HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
7.3%
CVE-2020-27693 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
4.4
EPSS
1.8%
CVE-2020-27019 MEDIUM POC THREAT This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
5.5
EPSS
17.9%
CVE-2020-27018 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
5.5
EPSS
3.5%
CVE-2020-27017 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XXE Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
4.9
EPSS
6.4%
CVE-2020-27016 HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-27015 MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
4.4
EPSS
0.9%
CVE-2020-27014 MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel. Rated medium severity (CVSS 6.4). No vendor patch available.

Trend Micro Denial Of Service Antivirus
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-27013 MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-25778 MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-25777 MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Antivirus
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-25779 LOW PATCH Monitor

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Trend Micro Authentication Bypass Antivirus
NVD
CVSS 3.1
3.3
EPSS
0.8%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Trend Micro +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Trend Micro Apex One
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Trend Micro +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Trend Micro Authentication Bypass +1
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.0).

Privilege Escalation Trend Micro Housecall For Home Networks
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Trend Micro Maximum Security 2019 +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Authentication Bypass Apex One +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 1% CVSS 7.8
HIGH KEV THREAT This Week

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Officescan +3
NVD
EPSS 5% CVSS 8.8
HIGH KEV THREAT This Week

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro File Upload Officescan +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 5% CVSS 8.8
HIGH This Week

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Password Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Trend Micro +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Maximum Security 2021
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Authentication Bypass Home Network Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Trend Micro +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Trend Micro +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Trend Micro +1
NVD
EPSS 4% CVSS 8.1
HIGH PATCH This Week

A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Im Security
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Antivirus
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Code Injection Password Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central +18
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Code Injection +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Trend Micro +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Trend Micro Information Disclosure +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Officescan +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Antivirus
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Housecall For Home Networks
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
EPSS 64% CVSS 9.8
CRITICAL POC THREAT Act Now

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Authentication Bypass +1
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Web Security Virtual Appliance
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Privilege Escalation +2
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 45% CVSS 7.2
HIGH POC THREAT This Week

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
EPSS 45% CVSS 7.2
HIGH POC THREAT This Week

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
EPSS 49% CVSS 8.8
HIGH POC THREAT This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro +2
NVD
EPSS 72% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Worry Free Business Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Microsoft Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 +3
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
EPSS 2% CVSS 4.4
MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
EPSS 18% CVSS 5.5
MEDIUM POC THREAT This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Information Disclosure +1
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Messaging Security Virtual Appliance
NVD
EPSS 6% CVSS 4.9
MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XXE Interscan Messaging Security Virtual Appliance
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Messaging Security Virtual Appliance
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel. Rated medium severity (CVSS 6.4). No vendor patch available.

Trend Micro Denial Of Service Antivirus
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Trend Micro Information Disclosure Antivirus
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Antivirus
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Trend Micro Authentication Bypass Antivirus
NVD
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy