Trendmicro

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-19696 1Trendmicro 1Password Manager Nov 21, 2024 Jan 18, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious...Show more A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.Show less
CVE-2019-15625 1Trendmicro 1Password Manager Nov 21, 2024 Jan 18, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19695 1Trendmicro 1Antivirus+ Nov 21, 2024 Dec 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.
CVE-2019-19693 1Trendmicro 4Antivirus+ Security 2020 Internet Security 2020Maximum Security 2020+1 more Nov 21, 2024 Dec 20, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations....Show more The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2019-19692 1Trendmicro 1Apex One Nov 21, 2024 Dec 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.
CVE-2019-19691 1Trendmicro 2Apex One Officescan Nov 21, 2024 Dec 20, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/ro...Show more A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.Show less
CVE-2019-19690 1Trendmicro 1Mobile Security Nov 21, 2024 Dec 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.
CVE-2019-19689 1Trendmicro 1Housecall For Home Networks Nov 21, 2024 Dec 18, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
CVE-2019-19688 1Trendmicro 1Housecall For Home Networks Nov 21, 2024 Dec 18, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate...Show more A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.Show less
CVE-2019-18191 1Trendmicro 1Deep Security As A Service Nov 21, 2024 Dec 16, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate t...Show more A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.Show less
CVE-2019-18190 1Trendmicro 4Antivirus+ Security 2020 Internet Security 2020Maximum Security 2020+1 more Nov 21, 2024 Dec 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution un...Show more Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.Show less
CVE-2019-15628 1Trendmicro 4Antivirus + Security 2020 Internet Security 2020Maximum Security 2020+1 more Nov 21, 2024 Dec 2, 2019 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could exe...Show more Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.Show less
CVE-2019-15629 1Trendmicro 1Password Manager Nov 21, 2024 Nov 25, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the devi...Show more Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.Show less
CVE-2019-18189 1Trendmicro 3Apex One OfficescanWorry Free Business Security Nov 21, 2024 Oct 28, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's managemen...Show more A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.Show less
CVE-2019-18188 1Trendmicro 1Apex One Nov 21, 2024 Oct 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to...Show more Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.Show less
CVE-2019-18187 1Trendmicro 1Officescan Oct 30, 2025 Oct 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server...Show more Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.Show less
CVE-2019-9491 1Trendmicro 1Anti Threat Toolkit Nov 21, 2024 Oct 21, 2019 N/A· v4 7.8 HIGH· v3 5.1 MEDIUM· v2 Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution...Show more Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.Show less
CVE-2019-15627 1Trendmicro 1Deep Security Nov 21, 2024 Oct 17, 2019 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows age...Show more Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.Show less
CVE-2019-15626 1Trendmicro 1Deep Security Nov 21, 2024 Oct 17, 2019 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact...Show more The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.Show less
CVE-2019-9488 1Trendmicro 2Deep Security Manager Vulnerability Protection Nov 21, 2024 Sep 11, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a prot...Show more Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).Show less

Previous 1...181920...28 Next