Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-01 | CVE-2020-28575 | Out-of-bounds Write vulnerability in Trendmicro Serverprotect 3.0 A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. | 6.7 |
| 2020-12-01 | CVE-2020-28573 | Unspecified vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | 5.3 |
| 2020-11-18 | CVE-2020-28581 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 7.2 |
| 2020-11-18 | CVE-2020-28580 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 7.2 |
| 2020-11-18 | CVE-2020-28579 | Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 8.8 |
| 2020-11-18 | CVE-2020-28578 | Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 9.8 |
| 2020-11-18 | CVE-2020-28574 | Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0 A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. | 7.5 |
| 2020-11-18 | CVE-2020-28572 | Unspecified vulnerability in Trendmicro Apex ONE 2019 A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. | 7.8 |
| 2020-11-18 | CVE-2020-27697 | Link Following vulnerability in Trendmicro products Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. | 7.8 |
| 2020-11-18 | CVE-2020-27696 | Unspecified vulnerability in Trendmicro products Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. | 7.8 |