Filtered by vendor Trendmicro
Subscriptions
Total
498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-32527 | 1 Trendmicro | 1 Mobile Security | 2024-12-04 | 8.8 High |
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528. | ||||
CVE-2023-32526 | 1 Trendmicro | 1 Mobile Security | 2024-12-04 | 6.5 Medium |
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525. | ||||
CVE-2023-32522 | 1 Trendmicro | 1 Mobile Security | 2024-12-04 | 8.1 High |
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-32529 | 1 Trendmicro | 1 Apex Central | 2024-12-04 | 8.8 High |
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | ||||
CVE-2023-32530 | 1 Trendmicro | 1 Apex Central | 2024-12-04 | 8.8 High |
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | ||||
CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-29 | 7.2 High |
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | ||||
CVE-2024-37289 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-36359 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-36306 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 6.1 Medium |
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-36305 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-36303 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36302. | ||||
CVE-2024-32849 | 1 Trendmicro | 1 Maximum Security | 2024-11-21 | 7.8 High |
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | ||||
CVE-2024-23940 | 2 Microsoft, Trendmicro | 6 Windows, Air Support, Antivirus \+ Security and 3 more | 2024-11-21 | 7.8 High |
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. | ||||
CVE-2023-52338 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-11-21 | 7.8 High |
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-52337 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-11-21 | 7.8 High |
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-52331 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 7.1 High |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-52330 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 6.1 Medium |
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
CVE-2023-52329 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | ||||
CVE-2023-52328 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329. | ||||
CVE-2023-52327 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. |