Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-28 | CVE-2019-18187 | Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). | 5.0 |
| 2019-10-21 | CVE-2019-9491 | Uncontrolled Search Path Element vulnerability in Trendmicro Anti-Threat Toolkit 1.62.0.1218 Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. | 7.8 |
| 2019-10-17 | CVE-2019-15627 | Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0 Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. | 6.6 |
| 2019-10-17 | CVE-2019-15626 | Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Deep Security 10.0/11.0/12.0 The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. | 4.3 |
| 2019-09-11 | CVE-2019-9488 | XXE vulnerability in Trendmicro Deep Security Manager and vulnerability Protection Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. | 4.0 |
| 2019-08-21 | CVE-2019-14686 | Untrusted Search Path vulnerability in Trendmicro products A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges. | 6.8 |
| 2019-08-21 | CVE-2019-14685 | Unquoted Search Path or Element vulnerability in Trendmicro products A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. | 7.2 |
| 2019-08-20 | CVE-2019-14687 | Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0 A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. | 7.8 |
| 2019-08-20 | CVE-2019-14684 | Untrusted Search Path vulnerability in Trendmicro Password Manager 5.0 A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. | 9.3 |
| 2019-07-26 | CVE-2019-9492 | Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. | 4.6 |