Filtered by vendor Trendmicro
Subscriptions
Total
506 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25232 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. | ||||
| CVE-2021-25231 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. | ||||
| CVE-2021-25230 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file. | ||||
| CVE-2021-25229 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. | ||||
| CVE-2021-25228 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. | ||||
| CVE-2021-25227 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 3.3 Low |
| Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit). | ||||
| CVE-2021-25226 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25225 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25224 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-23139 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-21 | 7.5 High |
| A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. | ||||
| CVE-2020-8607 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus Toolkit, Apex One and 10 more | 2024-11-21 | 6.7 Medium |
| An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability. | ||||
| CVE-2020-8606 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | ||||
| CVE-2020-8605 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 8.8 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. | ||||
| CVE-2020-8604 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 7.5 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. | ||||
| CVE-2020-8603 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 6.1 Medium |
| A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
| CVE-2020-8602 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2024-11-21 | 7.2 High |
| A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. | ||||
| CVE-2020-8601 | 2 Microsoft, Trendmicro | 2 Windows, Vulnerability Protection | 2024-11-21 | 7.8 High |
| Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. | ||||
| CVE-2020-8600 | 1 Trendmicro | 1 Worry-free Business Security | 2024-11-21 | 9.8 Critical |
| Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | ||||
| CVE-2020-8598 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 9.8 Critical |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-8470 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 7.5 High |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | ||||