Filtered by vendor Trendmicro
Subscribe
Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 5.5 MEDIUM |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | |||||
| CVE-2023-32554 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | |||||
| CVE-2023-32537 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 5.4 MEDIUM |
| Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536. | |||||
| CVE-2023-32536 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 5.4 MEDIUM |
| Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. | |||||
| CVE-2023-32535 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534. | |||||
| CVE-2023-32534 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | |||||
| CVE-2023-32533 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | |||||
| CVE-2023-32532 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | |||||
| CVE-2023-32531 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535. | |||||
| CVE-2023-32530 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 8.8 HIGH |
| Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | |||||
| CVE-2023-32529 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 8.8 HIGH |
| Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | |||||
| CVE-2023-32524 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.8 HIGH |
| Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | |||||
| CVE-2023-32523 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.8 HIGH |
| Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. | |||||
| CVE-2023-32522 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.1 HIGH |
| A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-32521 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 9.1 CRITICAL |
| A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | |||||
| CVE-2023-28929 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus\+ Security 2021, Antivirus\+ Security 2022 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. | |||||
| CVE-2023-28005 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2024-11-21 | N/A | 6.8 MEDIUM |
| A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows� Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone. | |||||
| CVE-2022-44654 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.5 HIGH |
| Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security. | |||||
| CVE-2022-44653 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||