Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-20 | CVE-2019-19692 | Cross-site Scripting vulnerability in Trendmicro Apex ONE 2019 Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. | 4.3 |
| 2019-12-20 | CVE-2019-19691 | Unspecified vulnerability in Trendmicro Apex ONE and Officescan A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. | 4.0 |
| 2019-12-18 | CVE-2019-19689 | Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. | 4.4 |
| 2019-12-18 | CVE-2019-19688 | Unspecified vulnerability in Trendmicro Housecall FOR Home Networks A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges. local trendmicro | 4.4 |
| 2019-12-16 | CVE-2019-18191 | Incomplete Cleanup vulnerability in Trendmicro Deep Security AS A Service A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | 6.5 |
| 2019-12-02 | CVE-2019-15628 | Untrusted Search Path vulnerability in Trendmicro products Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. | 6.9 |
| 2019-11-25 | CVE-2019-15629 | Information Exposure vulnerability in Trendmicro Password Manager Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. | 5.0 |
| 2019-10-28 | CVE-2019-18188 | Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Apex ONE 2019 Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). | 5.0 |
| 2019-10-28 | CVE-2019-18187 | Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). | 5.0 |
| 2019-10-17 | CVE-2019-15627 | Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0 Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. | 6.6 |