Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-14 CVE-2020-25777 Unspecified vulnerability in Trendmicro Antivirus 2019/2020
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product.
network
trendmicro
5.8
2020-09-29 CVE-2020-25775 Race Condition vulnerability in Trendmicro products
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
6.3
2020-09-29 CVE-2020-25774 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account.
4.3
2020-09-29 CVE-2020-25773 Double Free vulnerability in Trendmicro Apex ONE 2019/Saas
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products.
6.8
2020-09-24 CVE-2020-24560 Improper Certificate Validation vulnerability in Trendmicro products
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one.
network
low complexity
trendmicro CWE-295
5.0
2020-09-24 CVE-2020-15604 Improper Certificate Validation vulnerability in Trendmicro products
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one.
network
low complexity
trendmicro CWE-295
5.0
2020-08-27 CVE-2020-8602 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Deep Security Manager and vulnerability Protection
A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.
network
low complexity
trendmicro CWE-732
6.5
2020-08-27 CVE-2020-15605 Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication.
network
high complexity
trendmicro CWE-287
5.1
2020-08-27 CVE-2020-15601 Improper Authentication vulnerability in Trendmicro Deep Security Manager and vulnerability Protection
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication.
network
high complexity
trendmicro CWE-287
5.1
2020-07-15 CVE-2020-15602 Untrusted Search Path vulnerability in Trendmicro products
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system.
6.9