Vulnerabilities (CVE)

Filtered by vendor Trendmicro Subscribe
Total 493 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25779 1 Trendmicro 1 Antivirus 2024-11-21 2.1 LOW 3.3 LOW
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature.
CVE-2020-25778 1 Trendmicro 1 Antivirus 2024-11-21 2.1 LOW 6.0 MEDIUM
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-25777 1 Trendmicro 1 Antivirus 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-25776 1 Trendmicro 1 Antivirus 2024-11-21 7.2 HIGH 7.8 HIGH
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-25775 2 Microsoft, Trendmicro 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more 2024-11-21 6.3 MEDIUM 6.3 MEDIUM
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
CVE-2020-25774 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-25773 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 6.8 MEDIUM 7.8 HIGH
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.
CVE-2020-25772 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 2.1 LOW 5.5 MEDIUM
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
CVE-2020-25771 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 2.1 LOW 5.5 MEDIUM
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
CVE-2020-25770 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 2.1 LOW 5.5 MEDIUM
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
CVE-2020-24565 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 2.1 LOW 5.5 MEDIUM
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
CVE-2020-24564 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 2.1 LOW 5.5 MEDIUM
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770.
CVE-2020-24563 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability.
CVE-2020-24562 2 Microsoft, Trendmicro 2 Windows, Officescan 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556.
CVE-2020-24561 1 Trendmicro 1 Serverprotect 2024-11-21 9.0 HIGH 9.1 CRITICAL
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability.
CVE-2020-24560 2 Microsoft, Trendmicro 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.
CVE-2020-24559 3 Apple, Microsoft, Trendmicro 6 Macos, Windows, Apex One and 3 more 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-24558 3 Apple, Microsoft, Trendmicro 5 Macos, Windows, Apex One and 2 more 2024-11-21 3.6 LOW 7.1 HIGH
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-24557 2 Microsoft, Trendmicro 3 Windows, Apex One, Worry-free Business Security 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
CVE-2020-24556 3 Apple, Microsoft, Trendmicro 5 Macos, Windows, Apex One and 2 more 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.