Vulnerabilities (CVE)

Filtered by vendor Trendmicro Subscribe
Filtered by product Deep Security
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-52338 1 Trendmicro 2 Deep Security, Deep Security Agent 2024-11-21 N/A 7.8 HIGH
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-52337 1 Trendmicro 2 Deep Security, Deep Security Agent 2024-11-21 N/A 7.8 HIGH
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-25252 7 Apple, Emc, Linux and 4 more 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2020-8607 2 Microsoft, Trendmicro 13 Windows, Antivirus Toolkit, Apex One and 10 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
CVE-2019-15627 2 Microsoft, Trendmicro 2 Windows, Deep Security 2024-11-21 6.6 MEDIUM 7.1 HIGH
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.
CVE-2019-15626 1 Trendmicro 1 Deep Security 2024-11-21 4.3 MEDIUM 7.5 HIGH
The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.
CVE-2018-6218 1 Trendmicro 5 Deep Security, Endpoint Sensor, Officescan and 2 more 2024-11-21 5.1 MEDIUM 7.0 HIGH
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.