Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-44650 Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-787
7.8
2022-12-12 CVE-2022-44651 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
high complexity
trendmicro CWE-367
7.0
2022-12-12 CVE-2022-44652 Improper Handling of Exceptional Conditions vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-755
7.8
2022-12-12 CVE-2022-44653 Path Traversal vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-22
7.8
2022-12-12 CVE-2022-44654 Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads.
network
low complexity
trendmicro
7.5
2022-12-12 CVE-2022-45797 Unspecified vulnerability in Trendmicro Apex ONE 2019
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro
7.1
2022-10-10 CVE-2022-41744 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations.
local
high complexity
trendmicro CWE-367
7.0
2022-10-10 CVE-2022-41745 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019
An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations.
local
high complexity
trendmicro CWE-125
7.0
2022-10-10 CVE-2022-41747 Improper Certificate Validation vulnerability in Trendmicro Apex ONE 2019
An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations.
local
low complexity
trendmicro CWE-295
7.8
2022-10-10 CVE-2022-41749 Origin Validation Error vulnerability in Trendmicro Apex ONE 2019
An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-346
7.8