Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-44654 | Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019 Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. | 7.5 |
| 2022-12-12 | CVE-2022-45797 | Unspecified vulnerability in Trendmicro Apex ONE 2019 An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. | 7.1 |
| 2022-10-10 | CVE-2022-41744 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 2019 A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. | 7.0 |
| 2022-10-10 | CVE-2022-41745 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019 An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. | 7.0 |
| 2022-10-10 | CVE-2022-41746 | Forced Browsing vulnerability in Trendmicro Apex ONE 2019 A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. | 9.1 |
| 2022-10-10 | CVE-2022-41747 | Improper Certificate Validation vulnerability in Trendmicro Apex ONE 2019 An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. | 7.8 |
| 2022-10-10 | CVE-2022-41748 | Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019 A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. | 6.7 |
| 2022-10-10 | CVE-2022-41749 | Origin Validation Error vulnerability in Trendmicro Apex ONE 2019 An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. | 7.8 |
| 2022-09-28 | CVE-2022-40707 | Out-of-bounds Read vulnerability in Trendmicro Deep Security 20.0 An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. | 3.3 |
| 2022-09-28 | CVE-2022-40708 | Out-of-bounds Read vulnerability in Trendmicro Deep Security 20.0 An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. | 3.3 |