Filtered by vendor Trendmicro
Subscribe
Total
485 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-52093 | 1 Trendmicro | 1 Apex One | 2024-08-29 | N/A | 7.8 HIGH |
An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-47201 | 1 Trendmicro | 1 Apex One | 2024-08-29 | N/A | 7.8 HIGH |
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200. | |||||
CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2024-08-14 | 6.5 MEDIUM | 8.8 HIGH |
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | |||||
CVE-2010-5179 | 2 Microsoft, Trendmicro | 2 Windows Xp, Internet Security 2010 | 2024-08-07 | 6.2 MEDIUM | N/A |
Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
CVE-2023-52338 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-07-03 | N/A | 7.8 HIGH |
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-41176 | 1 Trendmicro | 1 Mobile Security | 2024-02-28 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | |||||
CVE-2023-52330 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 6.1 MEDIUM |
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
CVE-2023-47199 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 7.8 HIGH |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. | |||||
CVE-2023-47196 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 7.8 HIGH |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197. | |||||
CVE-2023-52326 | 1 Trendmicro | 1 Apex Central | 2024-02-28 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. | |||||
CVE-2023-52327 | 1 Trendmicro | 1 Apex Central | 2024-02-28 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. | |||||
CVE-2023-52324 | 1 Trendmicro | 1 Apex Central | 2024-02-28 | N/A | 8.8 HIGH |
An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | |||||
CVE-2023-52337 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-02-28 | N/A | 7.8 HIGH |
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-47198 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 7.8 HIGH |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47199. | |||||
CVE-2023-52329 | 1 Trendmicro | 1 Apex Central | 2024-02-28 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | |||||
CVE-2023-41177 | 1 Trendmicro | 1 Mobile Security | 2024-02-28 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. | |||||
CVE-2023-47197 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 7.8 HIGH |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47198. | |||||
CVE-2023-38624 | 1 Trendmicro | 1 Apex Central | 2024-02-28 | N/A | 5.4 MEDIUM |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. | |||||
CVE-2023-41178 | 1 Trendmicro | 1 Mobile Security | 2024-02-28 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. | |||||
CVE-2023-52092 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 7.8 HIGH |
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |