Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-18 | CVE-2020-28579 | Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 6.5 |
| 2020-11-18 | CVE-2020-28574 | Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0 A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. | 6.4 |
| 2020-11-18 | CVE-2020-28572 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 2019 A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. | 4.6 |
| 2020-11-18 | CVE-2020-27697 | Link Following vulnerability in Trendmicro products Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. | 6.9 |
| 2020-11-18 | CVE-2020-27696 | Unspecified vulnerability in Trendmicro products Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. local trendmicro | 6.9 |
| 2020-11-18 | CVE-2020-27695 | Untrusted Search Path vulnerability in Trendmicro products Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. | 6.9 |
| 2020-11-09 | CVE-2020-27694 | Unspecified vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. | 6.5 |
| 2020-11-09 | CVE-2020-27017 | XML Entity Expansion vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. | 4.0 |
| 2020-11-09 | CVE-2020-27016 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. | 6.8 |
| 2020-10-30 | CVE-2020-27014 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 6.9 |