Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-27 | CVE-2021-25247 | Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063 A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. | 4.4 |
| 2020-12-17 | CVE-2020-8464 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | 5.0 |
| 2020-12-17 | CVE-2020-8463 | Incorrect Authorization vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | 5.0 |
| 2020-12-17 | CVE-2020-8461 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | 6.8 |
| 2020-12-01 | CVE-2020-28583 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. | 5.0 |
| 2020-12-01 | CVE-2020-28582 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. | 5.0 |
| 2020-12-01 | CVE-2020-28577 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | 5.0 |
| 2020-12-01 | CVE-2020-28576 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. | 5.0 |
| 2020-12-01 | CVE-2020-28575 | Out-of-bounds Write vulnerability in Trendmicro Serverprotect 3.0 A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. | 4.6 |
| 2020-12-01 | CVE-2020-28573 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | 5.0 |