Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-14 | CVE-2020-25777 | Unspecified vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. network trendmicro | 5.8 |
| 2020-09-29 | CVE-2020-25775 | Race Condition vulnerability in Trendmicro products The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. | 6.3 |
| 2020-09-29 | CVE-2020-25774 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. | 4.3 |
| 2020-09-29 | CVE-2020-25773 | Double Free vulnerability in Trendmicro Apex ONE 2019/Saas A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. | 6.8 |
| 2020-09-24 | CVE-2020-24560 | Improper Certificate Validation vulnerability in Trendmicro products An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. | 5.0 |
| 2020-09-24 | CVE-2020-15604 | Improper Certificate Validation vulnerability in Trendmicro products An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. | 5.0 |
| 2020-08-27 | CVE-2020-8602 | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Deep Security Manager and vulnerability Protection A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. | 6.5 |
| 2020-08-27 | CVE-2020-15605 | Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. | 5.1 |
| 2020-08-27 | CVE-2020-15601 | Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. | 5.1 |
| 2020-07-15 | CVE-2020-15602 | Untrusted Search Path vulnerability in Trendmicro products An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. | 6.9 |