Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-32461 Incorrect Conversion Between Numeric Types vulnerability in Trendmicro Password Manager
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations.
local
low complexity
trendmicro CWE-681
7.2
2021-07-08 CVE-2021-32462 Unspecified vulnerability in Trendmicro Password Manager
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations.
network
low complexity
trendmicro
critical
9.0
2021-06-17 CVE-2021-31521 Cross-Site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
network
trendmicro CWE-79
3.5
2021-06-03 CVE-2021-32460 Incorrect Authorization vulnerability in Trendmicro Maximum Security 2021 17.0
The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine.
local
low complexity
trendmicro CWE-863
7.2
2021-05-27 CVE-2021-32458 Out-Of-Bounds Write vulnerability in Trendmicro Home Network Security
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices.
local
low complexity
trendmicro CWE-787
7.2
2021-05-27 CVE-2021-32459 USE of Hard-Coded Credentials vulnerability in Trendmicro Home Network Security
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication.
network
low complexity
trendmicro CWE-798
5.5
2021-05-26 CVE-2021-32457 Improper Privilege Management vulnerability in Trendmicro Home Network Security 6.1.567
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices.
local
low complexity
trendmicro CWE-269
4.6
2021-05-12 CVE-2021-28649 Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063
An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.
4.4
2021-05-12 CVE-2021-31519 Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.
4.4
2021-05-10 CVE-2021-31520 Improper Authentication vulnerability in Trendmicro IM Security 1.6/1.6.5
A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.
6.8