Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-20 CVE-2019-19692 Cross-site Scripting vulnerability in Trendmicro Apex ONE 2019
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console.
network
trendmicro CWE-79
4.3
2019-12-20 CVE-2019-19691 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools.
network
low complexity
trendmicro
4.0
2019-12-18 CVE-2019-19689 Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks
Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
4.4
2019-12-18 CVE-2019-19688 Unspecified vulnerability in Trendmicro Housecall FOR Home Networks
A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.
local
trendmicro
4.4
2019-12-16 CVE-2019-18191 Incomplete Cleanup vulnerability in Trendmicro Deep Security AS A Service
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.
network
low complexity
trendmicro CWE-459
6.5
2019-12-02 CVE-2019-15628 Untrusted Search Path vulnerability in Trendmicro products
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
6.9
2019-11-25 CVE-2019-15629 Information Exposure vulnerability in Trendmicro Password Manager
Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.
network
low complexity
trendmicro CWE-200
5.0
2019-10-28 CVE-2019-18188 Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Apex ONE 2019
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE).
network
low complexity
trendmicro CWE-434
5.0
2019-10-28 CVE-2019-18187 Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).
network
low complexity
trendmicro CWE-22
5.0
2019-10-17 CVE-2019-15627 Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact.
local
low complexity
trendmicro CWE-59
6.6