Filtered by vendor Trendmicro
Subscribe
Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32524 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.8 HIGH |
| Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | |||||
| CVE-2023-32523 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.8 HIGH |
| Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. | |||||
| CVE-2023-32522 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.1 HIGH |
| A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-32521 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 9.1 CRITICAL |
| A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | |||||
| CVE-2023-28929 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus\+ Security 2021, Antivirus\+ Security 2022 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. | |||||
| CVE-2023-28005 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2024-11-21 | N/A | 6.8 MEDIUM |
| A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone. | |||||
| CVE-2022-41749 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-41748 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 6.7 MEDIUM |
| A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-41747 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-41746 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 9.1 CRITICAL |
| A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. | |||||
| CVE-2022-41745 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-41744 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-40980 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 9.1 CRITICAL |
| A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2. | |||||
| CVE-2022-40710 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | N/A | 7.8 HIGH |
| A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-40709 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | N/A | 3.3 LOW |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708. | |||||
| CVE-2022-40708 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | N/A | 3.3 LOW |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707. | |||||
| CVE-2022-40707 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | N/A | 3.3 LOW |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. | |||||
| CVE-2022-40144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | |||||
| CVE-2022-40143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.3 HIGH |
| A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-40142 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||