Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-19690 | Weak Password Requirements vulnerability in Trendmicro Mobile Security 10.3.1/9.7/9.8 Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | 9.8 |
| 2019-12-18 | CVE-2019-19689 | Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. | 7.8 |
| 2019-12-18 | CVE-2019-19688 | Unspecified vulnerability in Trendmicro Housecall for Home Networks A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges. | 7.8 |
| 2019-12-16 | CVE-2019-18191 | Incomplete Cleanup vulnerability in Trendmicro Deep Security AS a Service A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | 8.8 |
| 2019-12-09 | CVE-2019-18190 | NULL Pointer Dereference vulnerability in Trendmicro products Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. | 9.8 |
| 2019-12-02 | CVE-2019-15628 | Untrusted Search Path vulnerability in Trendmicro products Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. | 7.8 |
| 2019-11-25 | CVE-2019-15629 | Unspecified vulnerability in Trendmicro Password Manager Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. | 7.5 |
| 2019-10-28 | CVE-2019-18189 | Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. | 9.8 |
| 2019-10-28 | CVE-2019-18188 | Command Injection vulnerability in Trendmicro Apex ONE 2019 Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). | 7.5 |
| 2019-10-28 | CVE-2019-18187 | Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). | 7.5 |