Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-12 CVE-2021-31519 Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063/5.3.1179
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.
local
low complexity
trendmicro CWE-276
7.3
2021-05-10 CVE-2021-31520 Improper Authentication vulnerability in Trendmicro IM Security 1.6/1.6.5
A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.
network
high complexity
trendmicro CWE-287
8.1
2021-05-05 CVE-2021-31518 Unspecified vulnerability in Trendmicro Home Network Security
Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device.
network
low complexity
trendmicro
7.5
2021-05-05 CVE-2021-31517 Unspecified vulnerability in Trendmicro Home Network Security
Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device.
network
low complexity
trendmicro
7.5
2021-04-22 CVE-2021-28648 Unspecified vulnerability in Trendmicro Antivirus 10.5/11.0
Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application.
local
low complexity
trendmicro
7.8
2021-04-13 CVE-2021-28647 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0/5.0.0.1076/5.0.0.1081
Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program.
local
low complexity
trendmicro CWE-427
7.8
2021-04-13 CVE-2021-28645 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE and Officescan
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-732
7.8
2021-04-13 CVE-2021-25253 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE and Officescan
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-732
7.8
2021-04-13 CVE-2021-25250 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE and Officescan
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-732
7.8
2021-02-10 CVE-2021-25251 Code Injection vulnerability in Trendmicro products
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection.
network
low complexity
trendmicro CWE-94
7.2