Vulnerabilities > Trendmicro > Antivirus Security 2020

DATE CVE VULNERABILITY TITLE RISK
2021-02-10 CVE-2021-25251 Code Injection vulnerability in Trendmicro products
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection.
network
low complexity
trendmicro CWE-94
6.5
2020-11-18 CVE-2020-27697 Link Following vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
6.9
2020-11-18 CVE-2020-27696 Unspecified vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.
local
trendmicro
6.9
2020-11-18 CVE-2020-27695 Untrusted Search Path vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.
6.9
2020-01-18 CVE-2019-20357 Improper Input Validation vulnerability in Trendmicro products
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
local
low complexity
trendmicro CWE-20
7.2
2019-12-20 CVE-2019-19693 Information Exposure vulnerability in Trendmicro products
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations.
local
low complexity
trendmicro CWE-200
3.6
2019-12-09 CVE-2019-18190 NULL Pointer Dereference vulnerability in Trendmicro products
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.
network
low complexity
trendmicro CWE-476
7.5
2019-12-02 CVE-2019-15628 Untrusted Search Path vulnerability in Trendmicro products
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
6.9