Filtered by vendor Trendmicro
Subscribe
Total
485 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-52326 | 1 Trendmicro | 1 Apex Central | 2024-01-29 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. | |||||
CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2023-12-10 | N/A | 7.2 HIGH |
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | |||||
CVE-2023-32533 | 1 Trendmicro | 1 Apex Central | 2023-12-10 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | |||||
CVE-2023-34147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | |||||
CVE-2023-32525 | 1 Trendmicro | 1 Mobile Security | 2023-12-10 | N/A | 6.5 MEDIUM |
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526. | |||||
CVE-2023-28929 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus\+ Security 2021, Antivirus\+ Security 2022 and 10 more | 2023-12-10 | N/A | 7.8 HIGH |
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. | |||||
CVE-2023-32529 | 1 Trendmicro | 1 Apex Central | 2023-12-10 | N/A | 8.8 HIGH |
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | |||||
CVE-2023-32535 | 1 Trendmicro | 1 Apex Central | 2023-12-10 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534. | |||||
CVE-2023-32528 | 1 Trendmicro | 1 Mobile Security | 2023-12-10 | N/A | 8.8 HIGH |
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527. | |||||
CVE-2023-32534 | 1 Trendmicro | 1 Apex Central | 2023-12-10 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | |||||
CVE-2023-32527 | 1 Trendmicro | 1 Mobile Security | 2023-12-10 | N/A | 8.8 HIGH |
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528. | |||||
CVE-2023-32531 | 1 Trendmicro | 1 Apex Central | 2023-12-10 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535. | |||||
CVE-2023-34146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | |||||
CVE-2023-30902 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 5.5 MEDIUM |
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. | |||||
CVE-2023-32526 | 1 Trendmicro | 1 Mobile Security | 2023-12-10 | N/A | 6.5 MEDIUM |
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525. | |||||
CVE-2023-32536 | 1 Trendmicro | 1 Apex Central | 2023-12-10 | N/A | 5.4 MEDIUM |
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. | |||||
CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2023-12-10 | N/A | 7.5 HIGH |
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | |||||
CVE-2023-34144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | |||||
CVE-2023-32524 | 1 Trendmicro | 1 Mobile Security | 2023-12-10 | N/A | 8.8 HIGH |
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | |||||
CVE-2023-32532 | 1 Trendmicro | 1 Apex Central | 2023-12-10 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. |