Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-24 CVE-2019-19695 Link Following vulnerability in Trendmicro Antivirus 9.0/9.0.1379
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.
network
low complexity
trendmicro CWE-59
7.5
2019-12-20 CVE-2019-19693 Link Following vulnerability in Trendmicro products
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations.
local
low complexity
trendmicro CWE-59
7.1
2019-12-18 CVE-2019-19689 Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks
Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
local
low complexity
trendmicro CWE-427
7.8
2019-12-18 CVE-2019-19688 Unspecified vulnerability in Trendmicro Housecall for Home Networks
A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.
local
low complexity
trendmicro
7.8
2019-12-16 CVE-2019-18191 Incomplete Cleanup vulnerability in Trendmicro Deep Security AS a Service
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.
network
low complexity
trendmicro CWE-459
8.8
2019-12-02 CVE-2019-15628 Untrusted Search Path vulnerability in Trendmicro products
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
local
low complexity
trendmicro CWE-426
7.8
2019-11-25 CVE-2019-15629 Unspecified vulnerability in Trendmicro Password Manager
Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.
network
low complexity
trendmicro
7.5
2019-10-28 CVE-2019-18188 Command Injection vulnerability in Trendmicro Apex ONE 2019
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE).
network
low complexity
trendmicro CWE-77
7.5
2019-10-28 CVE-2019-18187 Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).
network
low complexity
trendmicro CWE-22
7.5
2019-10-21 CVE-2019-9491 Uncontrolled Search Path Element vulnerability in Trendmicro Anti-Threat Toolkit 1.62.0.1218
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
local
low complexity
trendmicro CWE-427
7.8