Skip to main content

Trend Micro

478 CVEs product

Monthly

CVE-2020-25776 HIGH This Week

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-25775 MEDIUM This Month

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Trend Micro Information Disclosure Antivirus 2020 Internet Security 2020 +2
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-25774 MEDIUM This Month

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2020-25773 HIGH This Week

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-25772 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-25771 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-25770 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-24565 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-24564 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-24563 HIGH This Week

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Authentication Bypass Apex One
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24562 HIGH This Week

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Microsoft Officescan
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-24560 HIGH This Week

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus 2019 Internet Security 2019 Maximum Security 2019 +2
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-15604 HIGH This Week

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus 2019 Internet Security 2019 Maximum Security 2019 +2
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-24561 CRITICAL Act Now

A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection Serverprotect
NVD
CVSS 3.1
9.1
EPSS
5.2%
CVE-2020-24559 HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple Apex One Officescan +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24558 HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-24557 HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24556 HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Microsoft Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-8602 HIGH PATCH This Week

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2020-15605 HIGH PATCH This Week

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2020-15601 HIGH PATCH This Week

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2020-8607 MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit Apex One Deep Security +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-15603 HIGH This Week

An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Antivirus 2020 Internet Security 2020 +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-15602 HIGH This Week

An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Antivirus 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-8606 CRITICAL POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
72.7%
CVE-2020-8605 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
87.6%
CVE-2020-8604 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
89.7%
CVE-2020-8603 MEDIUM PATCH This Month

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-8600 CRITICAL PATCH Act Now

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro Path Traversal Worry Free Business Security
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-8599 CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Apex One Officescan
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2020-8598 CRITICAL PATCH Act Now

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Trend Micro Authentication Bypass Apex One Officescan +1
NVD
CVSS 3.1
9.8
EPSS
13.2%
CVE-2020-8470 HIGH PATCH This Week

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-8467 HIGH KEV PATCH THREAT This Week

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Apex One Officescan
NVD
CVSS 3.1
8.8
EPSS
10.8%
CVE-2020-8469 HIGH This Week

Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8601 HIGH This Week

Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Vulnerability Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-19695 HIGH This Week

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-19693 HIGH This Week

The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2019-19692 MEDIUM This Month

Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Apex One
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-19691 MEDIUM This Month

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-19690 CRITICAL Act Now

Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Trend Micro Google Mobile Security
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-19689 HIGH This Week

Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Housecall For Home Networks
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-19688 HIGH This Week

A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Housecall For Home Networks
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-18191 HIGH This Week

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deep Security As A Service
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-18190 CRITICAL Act Now

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Trend Micro RCE Antivirus Security 2020 +3
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-15628 HIGH This Week

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-15629 HIGH This Week

Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Trend Micro Information Disclosure Password Manager
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-18189 CRITICAL Act Now

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-18188 HIGH This Week

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection Apex One
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-18187 HIGH KEV THREAT This Week

Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro RCE Officescan
NVD
CVSS 3.1
7.5
EPSS
25.1%
CVE-2019-9491 HIGH POC THREAT This Week

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro RCE Anti Threat Toolkit
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
12.9%
CVE-2019-15627 HIGH POC This Week

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Microsoft Information Disclosure Deep Security
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
1.3%
CVE-2019-9488 MEDIUM PATCH This Month

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Trend Micro Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-14686 HIGH This Week

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2019 Internet Security 2019 Maximum Security 2019 +2
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-14685 HIGH This Week

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security 2019 Internet Security 2019 Maximum Security 2019 +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-14687 HIGH This Week

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Password Manager
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2019-14684 HIGH POC This Week

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Password Manager
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-9492 HIGH PATCH This Week

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro RCE Officescan
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-9490 HIGH This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-6541 HIGH PATCH This Week

A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Trend Micro RCE Levistudiou
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-6539 HIGH PATCH This Week

Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Trend Micro RCE Levistudiou
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-6537 HIGH PATCH This Week

Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Trend Micro Stack Overflow Levistudiou
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2018-18332 HIGH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18331 HIGH PATCH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18330 MEDIUM This Month

An Address Bar Spoofing vulnerability in Trend Micro Dr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Trend Micro Information Disclosure Dr Safety
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-18329 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18328 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18327 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15367 HIGH This Week

A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15366 HIGH This Week

A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Use After Free Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-15365 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XSS CSRF Deep Discovery Inspector
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-15364 MEDIUM This Month

A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on. Rated medium severity (CVSS 4.7). No vendor patch available.

Trend Micro Information Disclosure Buffer Overflow Officescan Xg
NVD
CVSS 3.0
4.7
EPSS
2.1%
CVE-2018-15363 HIGH This Week

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Information Disclosure Buffer Overflow Antivirus Security +3
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-10514 HIGH This Week

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security Internet Security Maximum Security +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10513 HIGH This Week

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deserialization Antivirus Security Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-10512 HIGH PATCH This Week

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-10511 CRITICAL PATCH Act Now

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Control Manager
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2018-10510 CRITICAL PATCH Act Now

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro RCE Path Traversal Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-3608 CRITICAL Act Now

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Trend Micro RCE Antivirus Security Internet Security +4
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-10509 HIGH This Week

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-10508 HIGH PATCH This Week

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-10507 MEDIUM POC PATCH This Month

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
4.4
EPSS
1.4%
CVE-2018-10506 MEDIUM PATCH This Month

A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a. Rated medium severity (CVSS 4.7).

Trend Micro Information Disclosure Buffer Overflow Officescan
NVD
CVSS 3.0
4.7
EPSS
1.1%
CVE-2018-10505 MEDIUM PATCH This Month

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the. Rated medium severity (CVSS 6.3). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Trend Micro Buffer Overflow Officescan
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-10359 MEDIUM PATCH This Month

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the. Rated medium severity (CVSS 6.3). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Trend Micro Buffer Overflow Officescan
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-10358 MEDIUM PATCH This Month

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the. Rated medium severity (CVSS 6.3). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Trend Micro Buffer Overflow Officescan
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-6237 HIGH POC This Week

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Denial Of Service Smart Protection Server
NVD
CVSS 3.0
7.5
EPSS
6.4%
CVE-2018-6236 HIGH This Week

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Trend Micro Privilege Escalation Antivirus Internet Security +2
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-6235 HIGH This Week

An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Trend Micro Antivirus +3
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6234 MEDIUM This Month

An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Buffer Overflow Antivirus Internet Security +2
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-6233 HIGH This Week

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Buffer Overflow Antivirus Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
EPSS 1% CVSS 7.8
HIGH This Week

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Antivirus
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Trend Micro Information Disclosure +4
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus 2019 +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus 2019 +4
NVD
EPSS 5% CVSS 9.1
CRITICAL Act Now

A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple +4
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +3
NVD
EPSS 3% CVSS 7.8
HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation +4
NVD
EPSS 4% CVSS 7.2
HIGH PATCH This Week

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Deep Security Manager +1
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Deep Security Manager +1
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Deep Security Manager +1
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit +11
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Antivirus 2020 +3
NVD
EPSS 73% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Interscan Web Security Virtual Appliance
NVD
EPSS 88% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection +1
NVD Exploit-DB
EPSS 90% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro Path Traversal Worry Free Business Security
NVD
EPSS 12% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Apex One +1
NVD
EPSS 13% CVSS 9.8
CRITICAL PATCH Act Now

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Trend Micro Authentication Bypass +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 11% CVSS 8.8
HIGH KEV PATCH THREAT This Week

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Apex One +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Vulnerability Protection
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus
NVD
EPSS 1% CVSS 7.1
HIGH This Week

The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Apex One
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Trend Micro +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Housecall For Home Networks
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Housecall For Home Networks
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deep Security As A Service
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Trend Micro +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Trend Micro Information Disclosure +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Apex One +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection +1
NVD
EPSS 25% CVSS 7.5
HIGH KEV THREAT This Week

Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro RCE +1
NVD
EPSS 13% CVSS 7.8
HIGH POC THREAT This Week

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro RCE Anti Threat Toolkit
NVD Exploit-DB
EPSS 1% CVSS 7.1
HIGH POC This Week

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Microsoft Information Disclosure +1
NVD Exploit-DB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Trend Micro Deep Security Manager +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2019 +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security 2019 +3
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Password Manager
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Password Manager
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro RCE Officescan
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Trend Micro RCE +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Trend Micro +2
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Trend Micro Stack Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Officescan
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Trend Micro Information Disclosure Officescan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An Address Bar Spoofing vulnerability in Trend Micro Dr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Use After Free +4
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XSS CSRF +1
NVD GitHub
EPSS 2% CVSS 4.7
MEDIUM This Month

A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on. Rated medium severity (CVSS 4.7). No vendor patch available.

Trend Micro Information Disclosure Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deserialization +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Control Manager
NVD
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Control Manager
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro RCE Path Traversal +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Trend Micro RCE +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Officescan
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro Information Disclosure Officescan
NVD
EPSS 1% CVSS 4.4
MEDIUM POC PATCH This Month

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Trend Micro Officescan
NVD Exploit-DB
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a. Rated medium severity (CVSS 4.7).

Trend Micro Information Disclosure Buffer Overflow +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the. Rated medium severity (CVSS 6.3). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Trend Micro Buffer Overflow +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the. Rated medium severity (CVSS 6.3). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Trend Micro Buffer Overflow +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the. Rated medium severity (CVSS 6.3). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Trend Micro Buffer Overflow +1
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Denial Of Service Smart Protection Server
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Trend Micro Privilege Escalation +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow +5
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Buffer Overflow +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Buffer Overflow +4
NVD
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy