Filtered by vendor Trendmicro
Subscriptions
Total
497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38627 | 1 Trendmicro | 1 Apex Central | 2024-08-02 | 5.4 Medium |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. | ||||
CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2024-08-02 | 7.5 High |
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | ||||
CVE-2023-34144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.8 High |
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | ||||
CVE-2023-34147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.8 High |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | ||||
CVE-2023-34148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.8 High |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | ||||
CVE-2023-34145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.8 High |
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | ||||
CVE-2023-34146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.8 High |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | ||||
CVE-2023-32605 | 1 Trendmicro | 1 Apex Central | 2024-08-02 | 5.4 Medium |
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32604. | ||||
CVE-2023-32524 | 1 Trendmicro | 1 Mobile Security | 2024-08-02 | 8.8 High |
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | ||||
CVE-2023-32530 | 1 Trendmicro | 1 Apex Central | 2024-08-02 | 8.8 High |
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | ||||
CVE-2023-32522 | 1 Trendmicro | 1 Mobile Security | 2024-08-02 | 8.1 High |
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-32554 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.0 High |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | ||||
CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 5.5 Medium |
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-32521 | 1 Trendmicro | 1 Mobile Security | 2024-08-02 | 9.1 Critical |
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | ||||
CVE-2023-32528 | 1 Trendmicro | 1 Mobile Security | 2024-08-02 | 8.8 High |
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527. | ||||
CVE-2023-32529 | 1 Trendmicro | 1 Apex Central | 2024-08-02 | 8.8 High |
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | ||||
CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.0 High |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | ||||
CVE-2023-32552 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 5.3 Medium |
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 | ||||
CVE-2023-32523 | 1 Trendmicro | 1 Mobile Security | 2024-08-02 | 8.8 High |
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. | ||||
CVE-2023-32553 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 5.3 Medium |
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. |