Vulnerabilities > Trendmicro > Antivirus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-30 | CVE-2020-27015 | Information Exposure Through an Error Message vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. | 4.4 |
| 2020-10-30 | CVE-2020-27014 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 6.4 |
| 2020-10-14 | CVE-2020-27013 | Unspecified vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. | 4.4 |
| 2020-10-14 | CVE-2020-25778 | Information Exposure Through an Error Message vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. | 6.0 |
| 2020-10-14 | CVE-2020-25777 | Unspecified vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. | 5.4 |
| 2018-05-25 | CVE-2018-6234 | Out-of-bounds Read vulnerability in Trendmicro products An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. | 5.5 |
| 2017-03-21 | CVE-2017-5565 | Uncontrolled Search Path Element vulnerability in Trendmicro products Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. | 6.7 |