Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-17 CVE-2019-15627 Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact.
local
low complexity
trendmicro CWE-59
7.1
2019-10-17 CVE-2019-15626 Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Deep Security 10.0/11.0/12.0
The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text.
network
low complexity
trendmicro CWE-319
7.5
2019-08-21 CVE-2019-14686 Uncontrolled Search Path Element vulnerability in Trendmicro products
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.
local
low complexity
trendmicro CWE-427
7.8
2019-08-21 CVE-2019-14685 Unquoted Search Path or Element vulnerability in Trendmicro products
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
local
low complexity
trendmicro CWE-428
7.8
2019-08-20 CVE-2019-14687 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.
local
low complexity
trendmicro CWE-427
7.8
2019-08-20 CVE-2019-14684 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.
local
low complexity
trendmicro CWE-427
7.8
2019-07-26 CVE-2019-9492 Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection.
local
low complexity
trendmicro CWE-426
7.8
2019-04-05 CVE-2019-9490 Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials.
network
low complexity
trendmicro
8.8
2019-04-05 CVE-2019-9489 Path Traversal vulnerability in Trendmicro products
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
network
low complexity
trendmicro CWE-22
7.5
2019-02-05 CVE-2018-18334 Information Exposure vulnerability in Trendmicro DR. Safety
A vulnerability in the Private Browser of Trend Micro Dr.
network
low complexity
trendmicro CWE-200
7.5